CVE-2024-4428 MEDIUM

CVE-2024-4428: Sensetive Data Exposure in Menulux Managment Portal

Vendor Menulux Information Technologies
Product Managment Portal
Weakness CWE-306 · Missing auth
Published August 29, 2024
Last update June 3, 2026

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:L

What the vulnerability does

01Description

Missing Authentication for Critical Function, Missing Authorization vulnerability in Menulux Information Technologies Managment Portal allows Collect Data as Provided by Users. This issue affects Managment Portal: through 21.05.2024.

Key dates

02Disclosure timeline

August 29, 2024 CVE published
June 3, 2026 Record updated