3 matches found
CVE-2024-38446
CVE-2024-38446 concerns NATO NCI ANET 3.4.1. The vulnerability allows an attacker to create a report and, by altering a UUID in a POST request, change the report author to an arbitrary user without their consent. This is a logic/authorization issue where report ownership is mishandled. Affected c...
CVE-2024-38447
CVE-2024-38447 concerns NATO NCI ANET 3.4.1, where an insecure direct object reference exists due to a modified ID field in a request for a private draft report that belongs to another user. The affected component is the web application handling private draft reports; the root cause is an ID para...
CVE-2023-31441
CVE-2023-31441 affects NATO Communications and Information Agency anet (aka Advisor Network) up to version 3.3.0. A crafted JSON file fed to the sanitizeJson function can trigger an exception due to a data-structure modification during iteration, related to the U+FFFD Unicode replacement characte...