CVE-2024-12307

Dec. 9, 2024, 9:15 a.m.

4.3
Medium

Description

A function-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows teachers to modify student personal data without proper authorization. The vulnerability exists due to missing access control checks in the student editing functionality. At the time of publication of the CVE no patch is available.

Product(s) Impacted

Product Versions
Unifiedtransform
  • ['2.0 and earlier versions']

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References

https://huntr.com/bounties/90a7299e-9233-43fd-b666-7375c4fdbb3c

Tags

CWE-284
vulnerability@ncsc.ch
2024-12-09
CVE-2024-12307

CVSS Score

4.3 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: LOW
  • Availability Impact: NONE

    • CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

    View Vector String

Timeline

Published: Dec. 9, 2024, 9:15 a.m.
Last Modified: Dec. 9, 2024, 9:15 a.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

vulnerability@ncsc.ch

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.