CVE-2024-36523

{"id": "CVE-2024-36523", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-06-12T21:15:50.407", "references": [{"url": "https://github.com/648540858/wvp-GB28181-pro/issues/1456", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-613"}]}], "descriptions": [{"lang": "en", "value": "An access control issue in Wvp GB28181 Pro 2.0 allows users to continue to access information in the application after deleting their own or administrator accounts. This is provided that the users do not log out of their deleted accounts."}, {"lang": "es", "value": "Un problema de control de acceso en Wvp GB28181 Pro 2.0 permite a los usuarios continuar accediendo a la informaci\u00f3n en la aplicaci\u00f3n despu\u00e9s de eliminar sus propias cuentas o las de administrador. Esto siempre que los usuarios no cierren sesi\u00f3n en sus cuentas eliminadas."}], "lastModified": "2024-09-06T17:35:10.403", "sourceIdentifier": "cve@mitre.org"}