
7 matches found

NVD
added 2024/08/05 4:15 p.m. | 25 views

CVE-2024-40530

A vulnerability in Pantera CRM versions 401.152 and 402.072 allows unauthorized attackers to bypass IP-based access controls by manipulating the X-Forwarded-For header...

CVSS 7.5 | EPSS 0.004
Exploits: 0 | References: 1

NVD
added 2024/08/05 4:15 p.m. | 15 views

CVE-2024-40531

A mass assignment vulnerability exists in Pantera CRM versions 401.152 and 402.072. This flaw allows authenticated users to modify any user attribute, including roles, by injecting additional parameters via profile management functions...

CVSS 8.8 | EPSS 0.00372
Exploits: 0 | References: 1

Vulnrichment
added 2024/08/05 12:0 a.m. | 14 views

CVE-2024-40530

A vulnerability in Pantera CRM versions 401.152 and 402.072 allows unauthorized attackers to bypass IP-based access controls by manipulating the X-Forwarded-For header...

AI score 9.4 | EPSS 0.004
Exploits: 0 | References: 1

Cvelist
added 2024/08/05 12:0 a.m. | 20 views

CVE-2024-40530

A vulnerability in Pantera CRM versions 401.152 and 402.072 allows unauthorized attackers to bypass IP-based access controls by manipulating the X-Forwarded-For header...

EPSS 0.004
Exploits: 0 | References: 1

Cvelist
added 2024/08/05 12:0 a.m. | 15 views

CVE-2024-40531

A mass assignment vulnerability exists in Pantera CRM versions 401.152 and 402.072. This flaw allows authenticated users to modify any user attribute, including roles, by injecting additional parameters via profile management functions...

EPSS 0.00372
Exploits: 0 | References: 1

CVE
added 2024/08/05 12:0 a.m. | 52 views

CVE-2024-40530

Pantera CRM versions 401.152 and 402.072 are affected by an authorization bypass vulnerability where an attacker can bypass IP-based access controls by manipulating the X-Forwarded-For header. The CVE-2024-40530 entry includes a CVSS v3.1 base score of 7.5 (HIGH) with NETWORK attack vector, LOW a...

CVSS 7.5 | AI score 9.4 | EPSS 0.004
Exploits: 0 | References: 1

CVE
added 2024/08/05 12:0 a.m. | 27 views

CVE-2024-40531

CVE-2024-40531 affects Pantera CRM versions 401.152 and 402.072. The vulnerability is a mass assignment flaw in profile management that allows an authenticated user to inject extra parameters and modify any user attribute, including roles. CVSS 3.1 vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, bas...

CVSS 8.8 | AI score 8.4 | EPSS 0.00372
Exploits: 0 | References: 1