Insecure permissions in the component /api/admin/user of 14Finger v1.1 allows attackers to access all user information via a crafted GET request.
History

Thu, 07 Nov 2024 16:15:00 +0000

Type Values Removed Values Added
First Time appeared B1ackc4t
B1ackc4t 14finger
Weaknesses CWE-306
CPEs cpe:2.3:a:b1ackc4t:14finger:1.1:*:*:*:*:*:*:*
Vendors & Products B1ackc4t
B1ackc4t 14finger
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-07-05T00:00:00

Updated: 2024-11-07T16:02:01.518Z

Reserved: 2024-06-10T00:00:00

Link: CVE-2024-37767

cve-icon Vulnrichment

Updated: 2024-08-02T03:57:39.737Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-07-05T17:15:11.533

Modified: 2024-11-07T16:35:17.313

Link: CVE-2024-37767

cve-icon Redhat

No data.