CVE-2024-0336 CRITICAL

CVE-2024-0336: Improper Access Control in EMTA Grups PDKS

Vendor Emta Grup
Product PDKS
Weakness CWE-306 · Missing auth
Published June 3, 2024
Last update June 3, 2026

CVSS base score

9.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

01Description

Missing Authentication for Critical Function vulnerability in EMTA Grup PDKS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDKS: from V3.04 before 20240603. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

June 3, 2024 CVE published
June 3, 2026 Record updated