Evolution Security Vulnerabilities and Issues — Evolution CVE List

Cs-technologiesEvolution

9 matches found

CVE•added 2024/04/14 11:48 p.m.•48 views

CVE-2024-29840

Affected : Evolution Controller Web interface (versions ≤ 2.04.560.31.03.2024). Vulnerability : poorly configured access control on DESKTOP_EDIT_USER_GET_PIN_FIELDS. Impact : unauthenticated attacker can retrieve PIN value of any user. No remediation details are provided in the supplied documents.

7.5CVSS7AI score0.00227EPSS

CVE•added 2024/04/14 11:47 p.m.•47 views

CVE-2024-29836

CVE-2024-29836 affects Evolution Controller Web interface up to version 2.04.560.31.03.2024 and earlier. The vulnerability is due to poorly configured access control in the web interface, enabling an unauthenticated attacker to update and add user profiles and thereby gain full access to the site...

9.8CVSS7.1AI score0.00227EPSS

CVE•added 2024/04/14 11:47 p.m.•47 views

CVE-2024-29837

In Evolution Controller, the Web interface vulnerability CVE-2024-29837 affects Versions 2.04.560.31.03.2024 and earlier. The root cause is poor session management, enabling an unauthenticated attacker to access administrator functionality if any other user is already signed in. This is evidenced...

8.8CVSS7AI score0.00227EPSS

CVE•added 2024/04/14 11:47 p.m.•47 views

CVE-2024-29838

Technical details about CVE-2024-29838 are not publicly provided in the supplied documents. Monitor for updates from vendors and security advisories.

7.5CVSS7AI score0.00227EPSS

CVE•added 2024/04/14 11:48 p.m.•47 views

CVE-2024-29842

The CVE-2024-29842 entry refers to Evolution Controller Web interface, affected in versions 2.04.560.31.03.2024 and earlier. The root cause is poorly configured access control on DESKTOP_EDIT_USER_GET_ABACARD_FIELDS, enabling an unauthenticated attacker to retrieve the abacard field of any user. ...

7.5CVSS7AI score0.00227EPSS

CVE•added 2024/04/14 11:48 p.m.•46 views

CVE-2024-29843

The CVE-2024-29843 entry concerns the Evolution Controller web interface. According to the connected Red Hat advisory, versions 2.04.560.31.03.2024 and earlier expose a vulnerability in the MOBILE_GET_USERS_LIST endpoint due to poorly configured access control. This allows an unauthenticated atta...

7.5CVSS7AI score0.00227EPSS

CVE•added 2024/04/14 11:48 p.m.•44 views

CVE-2024-29841

Technical details for CVE-2024-29841 are not publicly available in the provided documents. Monitor for updates.

7.5CVSS7AI score0.00227EPSS

CVE•added 2024/04/14 11:48 p.m.•43 views

CVE-2024-29839

The CVE-2024-29839 entry concerns Evolution Controller Web UI prior to a certain version. Affected: Evolution Controller Versions 2.04.560.31.03.2024 and earlier. Root cause: poorly configured access control on the DESKTOP_EDIT_USER_GET_CARD endpoint. Impact: unauthenticated attackers can retriev...

7.5CVSS7AI score0.00227EPSS

CVE•added 2024/04/14 11:48 p.m.•43 views

CVE-2024-29844

Technical details for CVE-2024-29844 are not publicly available in the provided documents. Monitor for updates from vendors and security advisories.

9.8CVSS9.6AI score0.00227EPSS