4 matches found
CVE-2024-28144
An attacker who can spoof the IP address and the User-Agent of a logged-in user can takeover the session because of flaws in the self-developed session management. If two users access the web interface from the same IP they are logged in as the other user...
CVE-2024-28144
An attacker who can spoof the IP address and the User-Agent of a logged-in user can takeover the session because of flaws in the self-developed session management. If two users access the web interface from the same IP they are logged in as the other user...
CVE-2024-28144 Broken Access Control
An attacker who can spoof the IP address and the User-Agent of a logged-in user can takeover the session because of flaws in the self-developed session management. If two users access the web interface from the same IP they are logged in as the other user...
CVE-2024-28144
CVE-2024-28144 describes a flaw in a self-developed session management that allows session takeover when an attacker can spoof the IP address and User-Agent of a logged-in user. Two users on the same IP can be logged in as the other user. Connected sources identify Image Access Scan2Net as affect...