CVE-2024-28144: Broken Access Control

Vendor: Image Access GmbH
Product: Scan2Net
Weakness: CWE-384 (Session fixation)
Published: December 12, 2024
Last update: November 3, 2025

What the vulnerability does

01 Description

An attacker who can spoof the IP address and the User-Agent of a logged-in user can take over the session because of flaws in the self-developed session management. If two users access the web interface from the same IP, they are logged in as the other user.
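A simplified model of the behaviour described above, added here as an example; it is not Image Access code, and the page does not show the product's implementation. It assumes the session is looked up by client IP and User-Agent and contrasts that with a lookup by a random server-issued token; all class names and sample values are hypothetical.

```python
import secrets


class FingerprintSessions:
    """Weak model (assumed): a session is identified by client IP + User-Agent."""

    def __init__(self):
        self._sessions = {}

    def login(self, ip, user_agent, user):
        self._sessions[(ip, user_agent)] = user

    def current_user(self, ip, user_agent, token=None):
        # Any request presenting the same two values is treated as the same session.
        return self._sessions.get((ip, user_agent))


class TokenSessions:
    """Hardened model: a session is identified only by a random server-issued token."""

    def __init__(self):
        self._sessions = {}

    def login(self, ip, user_agent, user, presented_token=None):
        # Discard any identifier the client arrived with (CWE-384), then issue a new one.
        self._sessions.pop(presented_token, None)
        token = secrets.token_urlsafe(32)
        self._sessions[token] = user
        return token

    def current_user(self, ip, user_agent, token=None):
        return self._sessions.get(token)


def compare():
    # Constructed sample values: two users behind one NAT address, same browser build.
    ip, ua = "192.0.2.10", "ExampleBrowser/1.0"

    weak = FingerprintSessions()
    weak.login(ip, ua, "alice")
    bob_before_login = weak.current_user(ip, ua)  # bob has not logged in
    weak.login(ip, ua, "bob")
    alice_after_bob = weak.current_user(ip, ua)   # alice's next request

    strong = TokenSessions()
    alice_token = strong.login(ip, ua, "alice")
    bob_no_token = strong.current_user(ip, ua)    # same IP and UA, no token
    bob_token = strong.login(ip, ua, "bob")
    return {"weak": (bob_before_login, alice_after_bob),
            "strong": (bob_no_token, strong.current_user(ip, ua, alice_token),
                       strong.current_user(ip, ua, bob_token))}
```

In the weak model the IP address and User-Agent act as the credential, so clients that share them share a session; in the hardened model they play no part in identifying the user.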

Key dates

02 Disclosure timeline

December 12, 2024: CVE published
November 3, 2025: Record updated