CVE-2024-29837

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below uses poor session management, allowing for an unauthenticated attacker to access administrator functionality if any other user is already signed in.
Configurations

No configuration.

History

21 Nov 2024, 09:08

Type Values Removed Values Added
References () https://directcyber.com.au/sa/CVE-2024-29836-to-29844-evolution-controller-multiple-vulnerabilities.html - () https://directcyber.com.au/sa/CVE-2024-29836-to-29844-evolution-controller-multiple-vulnerabilities.html -

15 Apr 2024, 13:15

Type Values Removed Values Added
Summary
  • (es) La interfaz web de Evolution Controller, versiones 2.04.560.31.03.2024 e inferiores, utiliza una gestión de sesión deficiente, lo que permite que un atacante no autenticado acceda a la funcionalidad de administrador si algún otro usuario ya ha iniciado sesión.

15 Apr 2024, 00:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-04-15 00:15

Updated : 2024-11-21 09:08


NVD link : CVE-2024-29837

Mitre link : CVE-2024-29837

CVE.ORG link : CVE-2024-29837


JSON object : View

Products Affected

No product.

CWE
CWE-284

Improper Access Control

CWE-1390

Weak Authentication