CVE-2024-2412 MEDIUM

CVE-2024-2412: Heimavista Rpage and Epage - Broken Access Control

Vendor Heimavista
Product Rpage
Weakness CWE-1220
Published March 13, 2024
Last update October 14, 2024

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

The disabling function of the user registration page for Heimavista Rpage and Epage is not properly implemented, allowing remote attackers to complete user registration on sites where user registration is supposed to be disabled.

Key dates

02Disclosure timeline

March 13, 2024 CVE published
October 14, 2024 Record updated