CVE-2024-34520

Name of the Vulnerable Software and Affected Versions Mavenir SCE Application Provisioning Portal version PORTAL-LBS-R 1 0 24 0

Description The issue concerns an authorization bypass in the Mavenir SCE Application Provisioning Portal. This allows an authenticated 'guest' user to perform unauthorized administrative actions by bypassing client-side access controls. For example, the user can access the 'add user' feature.

Recommendations For version PORTAL-LBS-R 1 0 24 0, consider restricting access to administrative features, such as the 'add user' function, until a patch is available to prevent unauthorized actions by authenticated 'guest' users. As a temporary workaround, disabling or limiting the functionality that allows 'guest' users to bypass client-side access controls can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.