4 matches found
CVE-2024-37775
Sunbird DCIM dcTrack 9.1.2 contains an access-control flaw that allows an attacker to create or update a ticket with a location while bypassing RBAC checks. The issue is documented across multiple sources (Red Hat and NVD/CNNVD entries) with the same vulnerability description: faulty access contr...
CVE-2024-37774
Sunbird DCIM dcTrack v9.1.2 is affected by a CSRF vulnerability that can escalate an authenticated administrator’s privileges by coercing sensitive actions in certain admin screens. The issue is triggered when a logged-in user is forced to perform unintended requests, enabling privilege elevation...
CVE-2024-37773
CVE-2024-37773 describes an HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2. Authenticated administrators can inject arbitrary HTML into an admin screen, potentially affecting the admin UI. The vulnerability is described with a CVSS v3.1 base score of 4.8 (Medium), with network attac...
CVE-2024-37776
Sunbird DCIM dcTrack v9.1.2 is affected by a cross-site scripting (XSS) vulnerability that allows an attacker to execute arbitrary web scripts or HTML through a crafted payload on certain admin screens. The CVE entry notes the issue exists in the reported product/version, but the provided connect...