May 07, 2024 - 12:15 p.m.

CVE-2024-4538

2024-05-07 12:15:10
CWE-639
web.nvd.nist.gov
Tags: idor, janto ticketing software, version 4.3r10, remote user, sensitive user data, nvd

CVSS3: 7.5 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score: 6.7 Medium (Confidence: Low)

EPSS: 0.0004 Low (Percentile: 9.1%)

IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain a user’s event ticket by creating a specific request with the ticket reference ID, leading to the exposure of sensitive user data.

Affected configurations

Vulners
Node: impronta / janto_ticketing_software, Range: 4.3r10.cks

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Janto Ticketing Software",
    "vendor": "Impronta",
    "versions": [
      {
        "status": "affected",
        "version": "4.3r10.cks"
      }
    ]
  }
]
