Vulnerabilities

CVE-2024-10439

by Fred · 28/10/2024

The eHRD CTMS from Sunnet has an Insecure Direct Object Reference (IDOR) vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to access arbitrary files uploaded by any user.

More information : https://www.twcert.org.tw/en/cp-139-8167-a2c0d-2.html

Attack vector : NETWORK
Attack complexity : LOW
Privileges required : NONE
User interaction : NONE
Confidentiality impact : HIGH
Integrity impact : NONE
Base score : 7.5
Base severity : HIGH
Exploitability score : 3.9
Impact score : 3.6

Similar

Tags: Cybersecurity Alert