CVE-2024-48955

high

Description

Broken access control in NetAdmin 4.030319 returns data with functionalities on the endpoint that "assembles" the functionalities menus, the return of this call is not encrypted and as the system does not validate the session authorization, an attacker can copy the content of the browser of a user with greater privileges having access to the functionalities of the user that the code was copied.

References

https://vulmon.com/vulnerabilitydetails?qid=CVE-2024-48955&sortby=bydate

https://netadmin.software/gestao-de-identidade-e-acesso/

https://github.com/BrotherOfJhonny/CVE-2024-48955_Overview

Details

Source: Mitre, NVD

Published: 2024-10-29

Updated: 2025-03-18

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Severity: High

EPSS

EPSS: 0.01443