{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-2412", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "state": "PUBLISHED", "assignerShortName": "twcert", "dateReserved": "2024-03-13T02:04:03.661Z", "datePublished": "2024-03-13T02:31:52.906Z", "dateUpdated": "2024-08-22T15:15:11.976Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Rpage", "vendor": "Heimavista", "versions": [{"lessThanOrEqual": "v5.4.103.20231111", "status": "affected", "version": "earlier version", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Epage", "vendor": "Heimavista", "versions": [{"lessThanOrEqual": "v3.0.106.20231112", "status": "affected", "version": "earlier version", "versionType": "custom"}]}], "datePublic": "2024-03-15T02:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The disabling function of the user registration page for Heimavista Rpage and Epage is not properly implemented, allowing remote attackers to complete user registration on sites where user registration is supposed to be disabled."}], "value": "The disabling function of the user registration page for Heimavista Rpage and Epage is not properly implemented, allowing remote attackers to complete user registration on sites where user registration is supposed to be disabled."}], "impacts": [{"capecId": "CAPEC-1", "descriptions": [{"lang": "en", "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284: Improper Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2024-03-13T02:54:05.069Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-7696-0951f-1.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update Rpage to versions later than v5.4.103.20231111<br>Update Epage to versions later than v3.0.106.20231112"}], "value": "Update Rpage to versions later than v5.4.103.20231111\nUpdate Epage to versions later than v3.0.106.20231112"}], "source": {"advisory": "TVN-20240301", "discovery": "EXTERNAL"}, "title": "Heimavista Rpage and Epage - Broken Access Control", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:11:53.516Z"}, "title": "CVE Program Container", "references": [{"tags": ["third-party-advisory", "x_transferred"], "url": "https://www.twcert.org.tw/tw/cp-132-7696-0951f-1.html"}]}, {"affected": [{"vendor": "heimavista", "product": "rpage", "cpes": ["cpe:2.3:a:heimavista:rpage:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "5.4.103.20231111", "versionType": "custom"}]}, {"vendor": "heimavista", "product": "epage", "cpes": ["cpe:2.3:a:heimavista:epage:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.0.106.20231112", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-22T15:08:46.428071Z", "id": "CVE-2024-2412", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-22T15:15:11.976Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7696-0951f-1.html", "tags": ["third-party-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:11:53.516Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-2412", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-22T15:08:46.428071Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:heimavista:rpage:*:*:*:*:*:*:*:*"], "vendor": "heimavista", "product": "rpage", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "5.4.103.20231111"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:heimavista:epage:*:*:*:*:*:*:*:*"], "vendor": "heimavista", "product": "epage", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "3.0.106.20231112"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-22T15:12:19.938Z"}}], "cna": {"title": "Heimavista Rpage and Epage - Broken Access Control", "source": {"advisory": "TVN-20240301", "discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-1", "descriptions": [{"lang": "en", "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Heimavista", "product": "Rpage", "versions": [{"status": "affected", "version": "earlier version", "versionType": "custom", "lessThanOrEqual": "v5.4.103.20231111"}], "defaultStatus": "unaffected"}, {"vendor": "Heimavista", "product": "Epage", "versions": [{"status": "affected", "version": "earlier version", "versionType": "custom", "lessThanOrEqual": "v3.0.106.20231112"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update Rpage to versions later than v5.4.103.20231111\nUpdate Epage to versions later than v3.0.106.20231112", "supportingMedia": [{"type": "text/html", "value": "Update Rpage to versions later than v5.4.103.20231111<br>Update Epage to versions later than v3.0.106.20231112", "base64": false}]}], "datePublic": "2024-03-15T02:00:00.000Z", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7696-0951f-1.html", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "The disabling function of the user registration page for Heimavista Rpage and Epage is not properly implemented, allowing remote attackers to complete user registration on sites where user registration is supposed to be disabled.", "supportingMedia": [{"type": "text/html", "value": "The disabling function of the user registration page for Heimavista Rpage and Epage is not properly implemented, allowing remote attackers to complete user registration on sites where user registration is supposed to be disabled.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284: Improper Access Control"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2024-03-13T02:54:05.069Z"}}}, "cveMetadata": {"cveId": "CVE-2024-2412", "state": "PUBLISHED", "dateUpdated": "2024-08-22T15:15:11.976Z", "dateReserved": "2024-03-13T02:04:03.661Z", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "datePublished": "2024-03-13T02:31:52.906Z", "assignerShortName": "twcert"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The disabling function of the user registration page for Heimavista Rpage and Epage is not properly implemented, allowing remote attackers to complete user registration on sites where user registration is supposed to be disabled."}, {"lang": "es", "value": "La funci\u00f3n de desactivaci\u00f3n de la p\u00e1gina de registro de usuarios para Heimavista Rpage y Epage no est\u00e1 implementada correctamente, lo que permite a atacantes remotos completar el registro de usuarios en sitios donde se supone que el registro de usuarios est\u00e1 desactivado."}], "id": "CVE-2024-2412", "lastModified": "2024-03-13T12:33:51.697", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "twcert@cert.org.tw", "type": "Primary"}]}, "published": "2024-03-13T03:15:06.577", "references": [{"source": "twcert@cert.org.tw", "url": "https://www.twcert.org.tw/tw/cp-132-7696-0951f-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "twcert@cert.org.tw", "type": "Primary"}]}

{}