Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 10:24 a.m.7 views

CVE-2024-38447

NATO NCI ANET 3.4.1 allows Insecure Direct Object Reference via a modified ID field in a request for a private draft report that belongs to an arbitrary user...

8.1CVSS7AI score0.00407EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:24 a.m.4 views

CVE-2024-38446

NATO NCI ANET 3.4.1 mishandles report ownership. A user can create a report and, despite the restrictions imposed by the UI, change the author of that report to an arbitrary user without their consent or knowledge via a modified UUID in a POST request...

6.5CVSS7AI score0.00347EPSS
Exploits1References1
OSV
OSV
added 2024/07/17 12:0 a.m.5 views

CVE-2024-38447

NATO NCI ANET 3.4.1 allows Insecure Direct Object Reference via a modified ID field in a request for a private draft report that belongs to an arbitrary user...

8.1CVSS7.1AI score0.00407EPSS
Exploits1References3
CVE
CVE
added 2024/07/17 12:0 a.m.50 views

CVE-2024-38447

CVE-2024-38447 concerns NATO NCI ANET 3.4.1, where an insecure direct object reference exists due to a modified ID field in a request for a private draft report that belongs to another user. The affected component is the web application handling private draft reports; the root cause is an ID para...

8.1CVSS7.2AI score0.00407EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2024/07/17 12:0 a.m.33 views

CVE-2024-38446

NATO NCI ANET 3.4.1 mishandles report ownership. A user can create a report and, despite the restrictions imposed by the UI, change the author of that report to an arbitrary user without their consent or knowledge via a modified UUID in a POST request...

0.00347EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/07/17 12:0 a.m.22 views

CVE-2024-38447

NATO NCI ANET 3.4.1 allows Insecure Direct Object Reference via a modified ID field in a request for a private draft report that belongs to an arbitrary user...

0.00407EPSS
Exploits1References1
Rows per page
Query Builder