Lucene search

JpcertVULNRICHMENT:CVE-2024-36451

HistoryJul 10, 2024 - 7:01 a.m.

CVE-2024-36451

2024-07-1007:01:26

jpcert

github.com

cve-2024-36451

ajaxterm module

console session

unauthorized user

data breach

webpage alteration

server halt

AI Score

6.8

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Improper handling of insufficient permissions or privileges vulnerability exists in ajaxterm module of Webmin prior to 2.003. If this vulnerability is exploited, a console session may be hijacked by an unauthorized user. As a result, data within a system may be referred, a webpage may be altered, or a server may be permanently halted.

CNA Affected

[
  {
    "vendor": "Webmin",
    "product": "Webmin",
    "versions": [
      {
        "status": "affected",
        "version": "prior to 2.003"
      }
    ]
  }
]

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:gentoo:webmin:*:*:*:*:*:*:*:*"
    ],
    "vendor": "gentoo",
    "product": "webmin",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "2.003",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

jvn.jp/en/jp/JVN81442045/

webmin.com/