PT-2024-39671 · Netadmin · Netadmin Iam

Tristao · Published 2024-10-04 · Updated 2024-11-14 · CVE-2024-9513

CVSS v3.1: 3.7 (Low)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Netadmin Software NetAdmin IAM versions up to 3.5

Description: A vulnerability was found in the HTTP POST Request Handler component, specifically affecting the /controller/api/Answer/ReturnUserQuestionsFilled file. Manipulation of the username argument leads to information exposure through discrepancy. The issue can be exploited remotely, but the attack complexity is rather high and exploitation is difficult. The exploit has been disclosed to the public.

Recommendations: For Netadmin Software NetAdmin IAM versions up to 3.5, the vendor is planning to release a fix in mid-October 2024. As a temporary workaround, consider restricting access to the /controller/api/Answer/ReturnUserQuestionsFilled API endpoint or disabling the manipulation of the username argument until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Side Channel Attack

Weakness Enumeration

Related Identifiers

CVE-2024-9513

Affected Products

Netadmin Iam