Description

Sage DPW before 2024_12_001 is vulnerable to Incorrect Access Control. The implemented role-based access controls are not always enforced on the server side. Low-privileged Sage users with employee role privileges can create external courses for other employees, even though they do not have the option to do so in the user interface. To do this, a valid request to create a course simply needs to be modified, so that the current user ID in the "id" parameter is replaced with the ID of another user.

INFO

Published Date :

2025-02-18T00:00:00.000Z

Last Modified :

2025-02-19T15:04:31.165Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2024-56883 vulnerability.

Vendors Products
Sagedpw
  • Sage Dpw
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-56883.

URL Resource
https://cves.at/posts/cve-cve-2024-56883/writeup/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact