Search
Find a vulnerability
Search criteria
2 vulnerabilities found for Epage by Heimavista
CVE-2024-2412 (GCVE-0-2024-2412)
Vulnerability from nvd – Published: 2024-03-13 02:31 – Updated: 2024-10-14 06:12
VLAI
EPSS
VEX
Title
Heimavista Rpage and Epage - Broken Access Control
Summary
The disabling function of the user registration page for Heimavista Rpage and Epage is not properly implemented, allowing remote attackers to complete user registration on sites where user registration is supposed to be disabled.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1220 - Insufficient Granularity of Access Control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-7696-0951f-1.html | third-party-advisory |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Heimavista | Rpage |
Affected:
earlier version , ≤ v5.4.103.20231111
(custom)
|
|
| Heimavista | Epage |
Affected:
earlier version , ≤ v3.0.106.20231112
(custom)
|
|
| heimavista | rpage |
Affected:
0 , ≤ 5.4.103.20231111
(custom)
cpe:2.3:a:heimavista:rpage:*:*:*:*:*:*:*:* |
|
| heimavista | epage |
Affected:
0 , ≤ 3.0.106.20231112
(custom)
cpe:2.3:a:heimavista:epage:*:*:*:*:*:*:*:* |
Date Public
2024-03-15 02:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:11:53.516Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7696-0951f-1.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:heimavista:rpage:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rpage",
"vendor": "heimavista",
"versions": [
{
"lessThanOrEqual": "5.4.103.20231111",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:heimavista:epage:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epage",
"vendor": "heimavista",
"versions": [
{
"lessThanOrEqual": "3.0.106.20231112",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2412",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-22T15:08:46.428071Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T15:15:11.976Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Rpage",
"vendor": "Heimavista",
"versions": [
{
"lessThanOrEqual": "v5.4.103.20231111",
"status": "affected",
"version": "earlier version",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Epage",
"vendor": "Heimavista",
"versions": [
{
"lessThanOrEqual": "v3.0.106.20231112",
"status": "affected",
"version": "earlier version",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-03-15T02:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The disabling function of the user registration page for Heimavista Rpage and Epage is not properly implemented, allowing remote attackers to complete user registration on sites where user registration is supposed to be disabled."
}
],
"value": "The disabling function of the user registration page for Heimavista Rpage and Epage is not properly implemented, allowing remote attackers to complete user registration on sites where user registration is supposed to be disabled."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1220",
"description": "CWE-1220: Insufficient Granularity of Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-14T06:12:23.993Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7696-0951f-1.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update Rpage to versions later than v5.4.103.20231111\u003cbr\u003eUpdate Epage to versions later than v3.0.106.20231112"
}
],
"value": "Update Rpage to versions later than v5.4.103.20231111\nUpdate Epage to versions later than v3.0.106.20231112"
}
],
"source": {
"advisory": "TVN-20240301",
"discovery": "EXTERNAL"
},
"title": "Heimavista Rpage and Epage - Broken Access Control",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2024-2412",
"datePublished": "2024-03-13T02:31:52.906Z",
"dateReserved": "2024-03-13T02:04:03.661Z",
"dateUpdated": "2024-10-14T06:12:23.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2412 (GCVE-0-2024-2412)
Vulnerability from cvelistv5 – Published: 2024-03-13 02:31 – Updated: 2024-10-14 06:12
VLAI
EPSS
VEX
Title
Heimavista Rpage and Epage - Broken Access Control
Summary
The disabling function of the user registration page for Heimavista Rpage and Epage is not properly implemented, allowing remote attackers to complete user registration on sites where user registration is supposed to be disabled.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1220 - Insufficient Granularity of Access Control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-7696-0951f-1.html | third-party-advisory |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Heimavista | Rpage |
Affected:
earlier version , ≤ v5.4.103.20231111
(custom)
|
|
| Heimavista | Epage |
Affected:
earlier version , ≤ v3.0.106.20231112
(custom)
|
|
| heimavista | rpage |
Affected:
0 , ≤ 5.4.103.20231111
(custom)
cpe:2.3:a:heimavista:rpage:*:*:*:*:*:*:*:* |
|
| heimavista | epage |
Affected:
0 , ≤ 3.0.106.20231112
(custom)
cpe:2.3:a:heimavista:epage:*:*:*:*:*:*:*:* |
Date Public
2024-03-15 02:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:11:53.516Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7696-0951f-1.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:heimavista:rpage:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rpage",
"vendor": "heimavista",
"versions": [
{
"lessThanOrEqual": "5.4.103.20231111",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:heimavista:epage:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "epage",
"vendor": "heimavista",
"versions": [
{
"lessThanOrEqual": "3.0.106.20231112",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2412",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-22T15:08:46.428071Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T15:15:11.976Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Rpage",
"vendor": "Heimavista",
"versions": [
{
"lessThanOrEqual": "v5.4.103.20231111",
"status": "affected",
"version": "earlier version",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Epage",
"vendor": "Heimavista",
"versions": [
{
"lessThanOrEqual": "v3.0.106.20231112",
"status": "affected",
"version": "earlier version",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-03-15T02:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The disabling function of the user registration page for Heimavista Rpage and Epage is not properly implemented, allowing remote attackers to complete user registration on sites where user registration is supposed to be disabled."
}
],
"value": "The disabling function of the user registration page for Heimavista Rpage and Epage is not properly implemented, allowing remote attackers to complete user registration on sites where user registration is supposed to be disabled."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1220",
"description": "CWE-1220: Insufficient Granularity of Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-14T06:12:23.993Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7696-0951f-1.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update Rpage to versions later than v5.4.103.20231111\u003cbr\u003eUpdate Epage to versions later than v3.0.106.20231112"
}
],
"value": "Update Rpage to versions later than v5.4.103.20231111\nUpdate Epage to versions later than v3.0.106.20231112"
}
],
"source": {
"advisory": "TVN-20240301",
"discovery": "EXTERNAL"
},
"title": "Heimavista Rpage and Epage - Broken Access Control",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2024-2412",
"datePublished": "2024-03-13T02:31:52.906Z",
"dateReserved": "2024-03-13T02:04:03.661Z",
"dateUpdated": "2024-10-14T06:12:23.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}