216.73.216.133

CVE-2024-12306

· Published 09/12/2024 09:15 · Modified 09/12/2024 09:15

Labels: CVE-2024-12306 2024-12-09CVE-2024-12306CWE-284[email protected]

Essential information

Published
09/12/2024 09:15
Modified
09/12/2024 09:15
Author
Creator
CVSS
4.3 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS metrics

Description

Multiple access control vulnerabilities in Unifiedtransform version 2.0 and potentially earlier versions allow unauthorized access to personal information of students and teachers. The vulnerabilities include both function-level access control issues in list viewing endpoints and object-level access control issues in profile viewing endpoints. A malicious student user can access personal information of other students and teachers through these vulnerabilities. At the time of publication of the CVE no patch is available.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References