CVE-2024-12306: Access Control Vulnerabilities Allow Unauthorized Access to User Profiles in Unifiedtransform

4.3 CVSS

Description

Multiple access control vulnerabilities in Unifiedtransform version 2.0 and potentially earlier versions allow unauthorized access to personal information of students and teachers. The vulnerabilities include both function-level access control issues in list viewing endpoints and object-level access control issues in profile viewing endpoints. A malicious student user can access personal information of other students and teachers through these vulnerabilities. At the time of publication of the CVE no patch is available.

Classification

CVE ID: CVE-2024-12306

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.3

Affected Products

Vendor: Unifiedtransform

Product: Unifiedtransform

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.44% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://huntr.com/bounties/90a7299e-9233-43fd-b666-7375c4fdbb3c

Timeline

2024-12-10 00:31:08 UTC
CVE

Access Control Vulnerabilities Allow Unauthorized Access to User Profiles in Unifiedtransform