CVE-2024-45877

{"id": "CVE-2024-45877", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-11-13T21:15:28.983", "references": [{"url": "https://cyber.wtf/2024/11/11/topqw-webportal-cves/", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "baltic-it TOPqw Webportal v1.35.283.2 is vulnerable to Incorrect Access Control in the User Management function in /Apps/TOPqw/BenutzerManagement.aspx. This allows a low privileged user to access all modules in the web portal, view and manipulate information and permissions of other users, lock other user or unlock the own account, change the password of other users, create new users or delete existing users and view, manipulate and delete reference data."}, {"lang": "es", "value": "El portal web TOPqw v1.35.283.2 de baltic-it es vulnerable a un control de acceso incorrecto en la funci\u00f3n de administraci\u00f3n de usuarios en /Apps/TOPqw/BenutzerManagement.aspx. Esto permite que un usuario con pocos privilegios acceda a todos los m\u00f3dulos del portal web, vea y manipule informaci\u00f3n y permisos de otros usuarios, bloquee a otros usuarios o desbloquee su propia cuenta, cambie la contrase\u00f1a de otros usuarios, cree nuevos usuarios o elimine usuarios existentes y vea, manipule y elimine datos de referencia."}], "lastModified": "2024-11-26T20:15:29.633", "sourceIdentifier": "cve@mitre.org"}