
72 matches found

NVD
added 2024/04/15 12:15 a.m. | 5 views

CVE-2024-29839

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_CARD, allowing for an unauthenticated attacker to return the card value data of any user...

7.5 CVSS | 7.6 AI score | 0.00167 EPSS
Exploits: 0 | References: 1

OSV
added 2024/04/15 12:15 a.m. | 1 view

CVE-2024-29841

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_KEYS_FIELDS, allowing for an unauthenticated attacker to return the keys value of any user...

7.5 CVSS | 5.8 AI score | 0.00227 EPSS
Exploits: 0 | References: 1

OSV
added 2024/04/15 12:15 a.m. | 1 view

CVE-2024-29840

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_PIN_FIELDS, allowing for an unauthenticated attacker to return the pin value of any user...

7.5 CVSS | 5.8 AI score | 0.00227 EPSS
Exploits: 0 | References: 1

NVD
added 2024/04/15 12:15 a.m. | 11 views

CVE-2024-29838

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below does not properly sanitize user input, allowing for an unauthenticated attacker to crash the controller software...

7.5 CVSS | 7.6 AI score | 0.00168 EPSS
Exploits: 0 | References: 1

OSV
added 2024/04/15 12:15 a.m. | 1 view

CVE-2024-29839

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_CARD, allowing for an unauthenticated attacker to return the card value data of any user...

7.5 CVSS | 5.8 AI score | 0.00227 EPSS
Exploits: 0 | References: 1

NVD
added 2024/04/15 12:15 a.m. | 6 views

CVE-2024-29840

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_PIN_FIELDS, allowing for an unauthenticated attacker to return the pin value of any user...

7.5 CVSS | 7.6 AI score | 0.00167 EPSS
Exploits: 0 | References: 1

OSV
added 2024/04/15 12:15 a.m. | 1 view

CVE-2024-29838

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below does not properly sanitize user input, allowing for an unauthenticated attacker to crash the controller software...

7.5 CVSS | 5.8 AI score | 0.00227 EPSS
Exploits: 0 | References: 1

NVD
added 2024/04/15 12:15 a.m. | 8 views

CVE-2024-29841

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_KEYS_FIELDS, allowing for an unauthenticated attacker to return the keys value of any user...

7.5 CVSS | 7.6 AI score | 0.00167 EPSS
Exploits: 0 | References: 1

OSV
added 2024/04/15 12:15 a.m. | 0 views

CVE-2024-29837

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below uses poor session management, allowing for an unauthenticated attacker to access administrator functionality if any other user is already signed in...

8.8 CVSS | 5.8 AI score | 0.00227 EPSS
Exploits: 0 | References: 1

OSV
added 2024/04/15 12:15 a.m. | 0 views

CVE-2024-29836

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control, allowing for an unauthenticated attacker to update and add user profiles within the application, and gain full access of the site...

9.8 CVSS | 5.8 AI score | 0.00227 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2024/04/14 11:48 p.m. | 15 views

CVE-2024-29844 Default credentials on web interface of Evolution Controller Versions allows attackers to login and perform administrative functions

Default credentials on the Web Interface of Evolution Controller 2.x allow anyone to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the password. There is no warning or prompt to ask the us...

9.8 CVSS | 9.6 AI score | 0.00089 EPSS
Exploits: 0 | References: 1

Cvelist
added 2024/04/14 11:48 p.m. | 12 views

CVE-2024-29844 Default credentials on web interface of Evolution Controller Versions allows attackers to login and perform administrative functions

Default credentials on the Web Interface of Evolution Controller 2.x allow anyone to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the password. There is no warning or prompt to ask the us...

9.8 CVSS | 9.7 AI score | 0.00089 EPSS
Exploits: 0 | References: 1

CVE
added 2024/04/14 11:48 p.m. | 45 views

CVE-2024-29843

The CVE-2024-29843 entry concerns the Evolution Controller web interface. According to the connected Red Hat advisory, versions 2.04.560.31.03.2024 and earlier expose a vulnerability in the MOBILE_GET_USERS_LIST endpoint due to poorly configured access control. This allows an unauthenticated atta...

7.5 CVSS | 7 AI score | 0.00146 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2024/04/14 11:48 p.m. | 13 views

CVE-2024-29843 Broken Access control on MOBILE_GET_USERS_LIST in Evolution Controller allows unauthenticated user enumeration

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on MOBILE_GET_USERS_LIST, allowing for an unauthenticated attacker to enumerate all users and their access levels...

7.5 CVSS | 7.1 AI score | 0.00146 EPSS
Exploits: 0 | References: 1

Cvelist
added 2024/04/14 11:48 p.m. | 8 views

CVE-2024-29843 Broken Access control on MOBILE_GET_USERS_LIST in Evolution Controller allows unauthenticated user enumeration

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on MOBILE_GET_USERS_LIST, allowing for an unauthenticated attacker to enumerate all users and their access levels...

7.5 CVSS | 7.8 AI score | 0.00146 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2024/04/14 11:48 p.m. | 13 views

CVE-2024-29842 Broken Access control on DESKTOP_EDIT_USER_GET_ABACARD_FIELDS in Evolution Controller allows unauthenticated attackers to retrieve ABACARD values

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_ABACARD_FIELDS, allowing for an unauthenticated attacker to return the abacard field of any user...

7.5 CVSS | 7.1 AI score | 0.00167 EPSS
Exploits: 0 | References: 1

CVE
added 2024/04/14 11:48 p.m. | 46 views

CVE-2024-29842

The CVE-2024-29842 entry refers to Evolution Controller Web interface, affected in versions 2.04.560.31.03.2024 and earlier. The root cause is poorly configured access control on DESKTOP_EDIT_USER_GET_ABACARD_FIELDS, enabling an unauthenticated attacker to retrieve the abacard field of any user. ...

7.5 CVSS | 7 AI score | 0.00167 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2024/04/14 11:48 p.m. | 14 views

CVE-2024-29842 Broken Access control on DESKTOP_EDIT_USER_GET_ABACARD_FIELDS in Evolution Controller allows unauthenticated attackers to retrieve ABACARD values

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_ABACARD_FIELDS, allowing for an unauthenticated attacker to return the abacard field of any user...

7.5 CVSS | 7.8 AI score | 0.00167 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2024/04/14 11:48 p.m. | 11 views

CVE-2024-29841 Broken Access control on DESKTOP_EDIT_USER_GET_KEYS_FIELDS in Evolution Controller allows unauthenticated attackers to retrieve keys values

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_KEYS_FIELDS, allowing for an unauthenticated attacker to return the keys value of any user...

7.5 CVSS | 7.1 AI score | 0.00167 EPSS
Exploits: 0 | References: 1

Cvelist
added 2024/04/14 11:48 p.m. | 7 views

CVE-2024-29841 Broken Access control on DESKTOP_EDIT_USER_GET_KEYS_FIELDS in Evolution Controller allows unauthenticated attackers to retrieve keys values

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_KEYS_FIELDS, allowing for an unauthenticated attacker to return the keys value of any user...

7.5 CVSS | 7.8 AI score | 0.00167 EPSS
Exploits: 0 | References: 1