FKIE_CVE-2024-12307

Vulnerability from fkie_nvd - Published: 2024-12-09 09:15 - Updated: 2024-12-09 09:15
Summary
A function-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows teachers to modify student personal data without proper authorization. The vulnerability exists due to missing access control checks in the student editing functionality. At the time of publication of the CVE no patch is available.

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A function-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows teachers to modify student personal data without proper authorization. The vulnerability exists due to missing access control checks in the student editing functionality. At the time of publication of the CVE no patch is available."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de control de acceso a nivel de funci\u00f3n en Unifiedtransform versi\u00f3n 2.0 y posiblemente versiones anteriores permite a los profesores modificar los datos personales de los estudiantes sin la debida autorizaci\u00f3n. La vulnerabilidad existe debido a la falta de controles de acceso en la funcionalidad de edici\u00f3n de estudiantes. En el momento de la publicaci\u00f3n de la CVE no hay ning\u00fan parche disponible."
    }
  ],
  "id": "CVE-2024-12307",
  "lastModified": "2024-12-09T09:15:05.433",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "vulnerability@ncsc.ch",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-12-09T09:15:05.433",
  "references": [
    {
      "source": "vulnerability@ncsc.ch",
      "url": "https://huntr.com/bounties/90a7299e-9233-43fd-b666-7375c4fdbb3c"
    }
  ],
  "sourceIdentifier": "vulnerability@ncsc.ch",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "vulnerability@ncsc.ch",
      "type": "Secondary"
    }
  ]
}

