216.73.216.86

CVE-2024-46607

· Published 25/09/2024 01:15 · Modified 26/09/2024 13:32

Labels: CVE-2024-46607 2024-09-25CVE-2024-46607CWE-284[email protected]

Essential information

Published
25/09/2024 01:15
Modified
26/09/2024 13:32
Author
Creator
CVSS
7.6 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L

CVSS metrics

Description

Incorrect access control in IceCMS v3.4.7 and before allows attackers to authenticate by entering any arbitrary values as the username and password via the loginAdmin method in the UserController.java file.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References