Products
IceCMS
- 3.4.7 and before
Source
cve@mitre.org
Tags
CVE-2024-46609 details
Published : Sept. 25, 2024, 1:15 a.m.
Last Modified : Sept. 25, 2024, 1:36 a.m.
Last Modified : Sept. 25, 2024, 1:36 a.m.
Description
An access control issue in the CheckVip function in UserController.java of IceCMS v3.4.7 and before allows unauthenticated attackers to access and returns all user information, including passwords
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7.3 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-284 | Improper Access Control | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
CVSS Data
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
Base Score
7.3
Exploitability Score
2.5
Impact Score
4.7
Base Severity
HIGH
Vector String : CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
References
| URL | Source |
|---|---|
| https://github.com/Lunax0/LogLunax/blob/main/icecms/CVE-2024-46609.md | cve@mitre.org |
| https://github.com/Thecosy/iceCMS?tab=readme-ov-file | cve@mitre.org |
This website uses the NVD API, but is not approved or certified by it.