CVE-2024-28735
HIGH 8.1
Description
Unit4 Financials by Coda versions prior to 2023Q4 suffer from an incorrect access control authorization bypass vulnerability which allows an authenticated user to modify the password of any user of the application via a crafted request.
CVE details
CVSS v3.1 score: 8.1
Severity: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: LOW
User interaction: NONE
Published: 3/20/2024
Last modified: 6/17/2025
Source: nvd
Honeypot sightings: 0
Affected products
unit4:financials_by_coda
Weaknesses (CWE)
CWE-287
References
http://financials.com (cve@mitre.org)
http://unit4.com (cve@mitre.org)
https://packetstormsecurity.com/files/177620/Financials-By-Coda-Authorization-Bypass.html (cve@mitre.org)
https://www.unit4.com/ (cve@mitre.org)
https://www.unit4.com/products/financial-management-software (cve@mitre.org)
http://financials.com (af854a3a-2127-422b-91ae-364da2661108)
http://unit4.com (af854a3a-2127-422b-91ae-364da2661108)
https://packetstormsecurity.com/files/177620/Financials-By-Coda-Authorization-Bypass.html (af854a3a-2127-422b-91ae-364da2661108)
https://www.unit4.com/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.unit4.com/products/financial-management-software (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.