CVE-2024-12306

Access Control Vulnerabilities Allow Unauthorized Access to User Profiles in Unifiedtransform

Description

Multiple access control vulnerabilities in Unifiedtransform version 2.0 and potentially earlier versions allow unauthorized access to personal information of students and teachers. The vulnerabilities include both function-level access control issues in list viewing endpoints and object-level access control issues in profile viewing endpoints. A malicious student user can access personal information of other students and teachers through these vulnerabilities. At the time of publication of the CVE no patch is available.

INFO

Published Date :

2024-12-09T08:50:23.241Z

Last Modified :

2024-12-09T15:27:21.662Z

Source :

NCSC.ch

AFFECTED PRODUCTS

The following products are affected by CVE-2024-12306 vulnerability.

Vendors	Products
Unifiedtransform	Unifiedtransform

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-12306.

URL	Resource
https://huntr.com/bounties/90a7299e-9233-43fd-b666-7375c4fdbb3c

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact