Description

Broken access control in NetAdmin 4.030319 returns data with functionalities on the endpoint that "assembles" the functionalities menus, the return of this call is not encrypted and as the system does not validate the session authorization, an attacker can copy the content of the browser of a user with greater privileges having access to the functionalities of the user that the code was copied.

INFO

Published Date :

2024-10-29T00:00:00.000Z

Last Modified :

2025-03-18T18:37:32.449Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2024-48955 vulnerability.

Vendors Products
Netadmin
  • Netadmin
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-48955.

URL Resource
https://github.com/BrotherOfJhonny/CVE-2024-48955_Overview cve-icon cve-icon
https://netadmin.software/gestao-de-identidade-e-acesso/ cve-icon cve-icon
https://vulmon.com/vulnerabilitydetails?qid=CVE-2024-48955&sortby=bydate cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact