CVE-2024-29842 HIGH

CVE-2024-29842: Broken Access control on DESKTOP_EDIT_USER_GET_ABACARD_FIELDS in Evolution Controller allows unauthenticated attackers to retrieve ABACARD values

Vendor Cs Technologies Australia
Product Evolution Controller
Weakness CWE-200 · Info exposure
Published April 14, 2024
Last update August 2, 2024
View on NVD All CVEs

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_ABACARD_FIELDS, allowing for an unauthenticated attacker to return the abacard field of any user

Key dates

02Disclosure timeline

April 14, 2024 CVE published
August 2, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-47197 Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials CVE-2020-12027 Rockwell Automation FactoryTalk View SE CVE-2025-62400 Moodle: hidden group names visible to event creators CVE-2026-44784 Discourse: Non-staff group owners can see email password in plaintext through group history CVE-2023-49774 WordPress WP Photo Album Plus plugin <= 8.5.02.005 - IP Bypass vulnerability