What the vulnerability does
01Description
Improper access control vulnerability in PENUP prior to version 3.8.00.18 allows arbitrary webpage loading in webview.
CVSS base score
4.0/10
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Key dates
02Disclosure timeline
September 9, 2021
CVE published
August 3, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2024-20322
CVE-2026-3198 Improper Access Control in mlflow/mlflow
CVE-2020-3413 Cisco Webex Meetings Scheduled Meeting Template Deletion Vulnerability
CVE-2026-8240 Concrete CMS 9.5.0 and below is vulnerable to unauthenticated page metadata disclosure in Backend\SummaryTemplate
CVE-2024-45735 Improper Access Control for low-privileged user in Splunk Secure Gateway App
