ГлавнаяУязвимости → CVE-2024-29837
8.8высокая

CVE-2024-29837

Описание

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below uses poor session management, allowing for an unauthenticated attacker to access administrator functionality if any other user is already signed in.

Затрагиваемое ПО
Cs-technologies Evolution
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Источники
https://directcyber.com.au/sa/CVE-2024-29836-to-29844-evolution-controller-multiple-vulnerabilities.htmlhttps://directcyber.com.au/sa/CVE-2024-29836-to-29844-evolution-controller-multiple-vulnerabilities.html