17 matches found

RedhatCVE
added 2025/05/23 10:24 a.m., 3 views

CVE-2024-38447

NATO NCI ANET 3.4.1 allows Insecure Direct Object Reference via a modified ID field in a request for a private draft report that belongs to an arbitrary user...

CVSS: 8.1, AI score: 7, EPSS: 0.00266
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 10:24 a.m., 2 views

CVE-2024-38446

NATO NCI ANET 3.4.1 mishandles report ownership. A user can create a report and, despite the restrictions imposed by the UI, change the author of that report to an arbitrary user without their consent or knowledge via a modified UUID in a POST request...

CVSS: 6.5, AI score: 7, EPSS: 0.00205
Exploits: 1, References: 1

NVD
added 2024/07/17 6:15 p.m., 13 views

CVE-2024-38447

NATO NCI ANET 3.4.1 allows Insecure Direct Object Reference via a modified ID field in a request for a private draft report that belongs to an arbitrary user...

CVSS: 8.1, EPSS: 0.00266
Exploits: 1, References: 1

OSV
added 2024/07/17 6:15 p.m., 1 view

CVE-2024-38447

NATO NCI ANET 3.4.1 allows Insecure Direct Object Reference via a modified ID field in a request for a private draft report that belongs to an arbitrary user...

CVSS: 8.1, AI score: 7.1
Exploits: 0, References: 1

NVD
added 2024/07/17 5:15 p.m., 15 views

CVE-2024-38446

NATO NCI ANET 3.4.1 mishandles report ownership. A user can create a report and, despite the restrictions imposed by the UI, change the author of that report to an arbitrary user without their consent or knowledge via a modified UUID in a POST request...

CVSS: 6.5, EPSS: 0.00205
Exploits: 1, References: 1

CVE
added 2024/07/17 12:0 a.m., 42 views

CVE-2024-38447

CVE-2024-38447 concerns NATO NCI ANET 3.4.1, where an insecure direct object reference exists due to a modified ID field in a request for a private draft report that belongs to another user. The affected component is the web application handling private draft reports; the root cause is an ID para...

CVSS: 8.1, AI score: 7.2, EPSS: 0.00266
Exploits: 1, References: 1, Affected Software: 1

Vulnrichment
added 2024/07/17 12:0 a.m., 13 views

CVE-2024-38447

NATO NCI ANET 3.4.1 allows Insecure Direct Object Reference via a modified ID field in a request for a private draft report that belongs to an arbitrary user...

AI score: 7, EPSS: 0.00266
Exploits: 1, References: 1

Cvelist
added 2024/07/17 12:0 a.m., 15 views

CVE-2024-38447

NATO NCI ANET 3.4.1 allows Insecure Direct Object Reference via a modified ID field in a request for a private draft report that belongs to an arbitrary user...

EPSS: 0.00266
Exploits: 1, References: 1

CVE
added 2024/07/17 12:0 a.m., 44 views

CVE-2024-38446

CVE-2024-38446 concerns NATO NCI ANET 3.4.1. The vulnerability allows an attacker to create a report and, by altering a UUID in a POST request, change the report author to an arbitrary user without their consent. This is a logic/authorization issue where report ownership is mishandled. Affected c...

CVSS: 6.5, AI score: 6.7, EPSS: 0.00205
Exploits: 1, References: 1, Affected Software: 1

Vulnrichment
added 2024/07/17 12:0 a.m., 9 views

CVE-2024-38446

NATO NCI ANET 3.4.1 mishandles report ownership. A user can create a report and, despite the restrictions imposed by the UI, change the author of that report to an arbitrary user without their consent or knowledge via a modified UUID in a POST request...

AI score: 6.9, EPSS: 0.00205
Exploits: 1, References: 1

Cvelist
added 2024/07/17 12:0 a.m., 23 views

CVE-2024-38446

NATO NCI ANET 3.4.1 mishandles report ownership. A user can create a report and, despite the restrictions imposed by the UI, change the author of that report to an arbitrary user without their consent or knowledge via a modified UUID in a POST request...

EPSS: 0.00205
Exploits: 1, References: 1

OSV
added 2023/07/18 3:15 p.m., 16 views

CVE-2023-31441

In NATO Communications and Information Agency anet aka Advisor Network through 3.3.0, an attacker can provide a crafted JSON file to sanitizeJson and cause an exception. This is related to the U+FFFD Unicode replacement character. A for loop does not consider that a data structure is being modifi...

CVSS: 5.5, AI score: 7.1
Exploits: 0, References: 2

Prion
added 2023/07/18 3:15 p.m., 15 views

Privilege escalation

In NATO Communications and Information Agency anet aka Advisor Network through 3.3.0, an attacker can provide a crafted JSON file to sanitizeJson and cause an exception. This is related to the U+FFFD Unicode replacement character. A for loop does not consider that a data structure is being modifi...

CVSS: 1.9, AI score: 5.6, EPSS: 0.00036
Exploits: 1, References: 2, Affected Software: 1

Vulnrichment
added 2023/07/18 12:0 a.m., 12 views

CVE-2023-31441

In NATO Communications and Information Agency anet aka Advisor Network through 3.3.0, an attacker can provide a crafted JSON file to sanitizeJson and cause an exception. This is related to the U+FFFD Unicode replacement character. A for loop does not consider that a data structure is being modifi...

AI score: 6.9, EPSS: 0.00036
Exploits: 1, References: 2

CNNVD
added 2023/07/18 12:0 a.m., 2 views

NATO Communications and Information Agency anet code issue vulnerability

The NATO Communications and Information Agency anet is a tool organized by the US-based NCI Agency to track the relationship between advisors and advisees. A security vulnerability exists in NATO Communications and Information Agency anet version 3.3.0 and earlier, which can be exploited by an...

CVSS: 5.5, AI score: 5.7, EPSS: 0.00036
Exploits: 1, References: 3

Cvelist
added 2023/07/18 12:0 a.m., 17 views

CVE-2023-31441

In NATO Communications and Information Agency anet aka Advisor Network through 3.3.0, an attacker can provide a crafted JSON file to sanitizeJson and cause an exception. This is related to the U+FFFD Unicode replacement character. A for loop does not consider that a data structure is being modifi...

AI score: 5.8, EPSS: 0.00036
Exploits: 1, References: 2

CNVD
added 2021/05/20 12:0 a.m., 4 views

Weak Password Vulnerability in Anet-Smart Wi-Fi Gateway System

hereinafter referred to as AnNet Communications is a solution provider focusing on the research, development, production, sales and service of network communication equipment based on IP technology, providing users with network security, routers, switches, firewalls, wireless AP coverage and othe...

AI score: 7
Exploits: 0