CVE-2024-46897 LOW

CVE-2024-46897

Vendor Kajitori Co.,Ltd
Product Exment
Weakness CWE-732
Published October 18, 2024
Last update October 18, 2024

CVSS base score

3.8/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

Incorrect permission assignment for critical resource issue exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. A logged-in user with the permission of table management may obtain and/or alter the information of the unauthorized table.

Key dates

02Disclosure timeline

October 18, 2024 CVE published
October 18, 2024 Record updated