Lucene search
+L

5 matches found

redhatcve
redhatcve
added 2025/05/23 7:45 a.m.11 views

CVE-2024-28735

Unit4 Financials by Coda versions prior to 2023Q4 suffer from an incorrect access control authorization bypass vulnerability which allows an authenticated user to modify the password of any user of the application via a crafted request...

8.1CVSS6.8AI score0.00714EPSS
Exploits2References1
osv
osv
added 2024/03/20 3:15 p.m.12 views

CVE-2024-28735

Unit4 Financials by Coda versions prior to 2023Q4 suffer from an incorrect access control authorization bypass vulnerability which allows an authenticated user to modify the password of any user of the application via a crafted request...

8.1CVSS5.8AI score0.00714EPSS
Exploits2References5
cve
cve
added 2024/03/20 12:0 a.m.1551 views

CVE-2024-28735

Summary: CVE-2024-28735 affects Unit4 Financials by Coda prior to 2023Q4. An authenticated user can bypass access control to change any user’s password via a crafted request (PoC shows POST /coda/rest/session/password with fields including user, newPassword, and target username). Impact: password...

8.1CVSS6.6AI score0.00714EPSS
Exploits2References3Affected Software1
cvelist
cvelist
added 2024/03/20 12:0 a.m.20 views

CVE-2024-28735

Unit4 Financials by Coda versions prior to 2023Q4 suffer from an incorrect access control authorization bypass vulnerability which allows an authenticated user to modify the password of any user of the application via a crafted request...

6.6AI score0.00714EPSS
Exploits2References3
packetstorm
packetstorm
added 2024/03/15 12:0 a.m.341 views

Financials By Coda Authorization Bypass

Vulnerability type: Incorrect Access Control Vendor: https://www.unit4.com/ Product: Financials by Coda Product site: https://www.unit4.com/fr/products/financial-management-software Affected version: "user" : "", "password" : "", "company" : "", "newPassword" : "newpasswordfortargeteduser",...

7.4AI score0.00714EPSS
Exploits2
Rows per page
Query Builder