CVE-2024-12306 MEDIUM

CVE-2024-12306: Access Control Vulnerabilities Allow Unauthorized Access to User Profiles in Unifiedtransform

Vendor Unifiedtransform

Product Unifiedtransform

Weakness CWE-284

Published December 9, 2024

Last update December 9, 2024

View on NVD All CVEs

CVSS base score

4.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Multiple access control vulnerabilities in Unifiedtransform version 2.0 and potentially earlier versions allow unauthorized access to personal information of students and teachers. The vulnerabilities include both function-level access control issues in list viewing endpoints and object-level access control issues in profile viewing endpoints. A malicious student user can access personal information of other students and teachers through these vulnerabilities. At the time of publication of the CVE no patch is available.

Key dates

02Disclosure timeline

December 9, 2024 CVE published

December 9, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-12306

Related vulnerabilities

CVE-2024-12306: Access Control Vulnerabilities Allow Unauthorized Access to User Profiles in Unifiedtransform

01Description

02Disclosure timeline

03References

04Related CVE