CVE-2024-4428

Improper Privilege Management vulnerability in Menulux Information Technologies Managment Portal allows Collect Data as Provided by Users.This issue affects Managment Portal: through 21.05.2024.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.usom.gov.tr/bildirim/tr-24-1356	Broken Link

Configurations

Configuration 1 (hide)

cpe:2.3:a:menulux:managment_portal:*:*:*:*:*:*:*:*

History

30 Aug 2024, 15:49

Type	Values Removed	Values Added
First Time		Menulux managment Portal Menulux
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
CPE		cpe:2.3:a:menulux:managment_portal::::::::
Summary		(es) La vulnerabilidad de administración de privilegios incorrecta en el portal de administración de Menulux Information Technologies permite recopilar datos proporcionados por los usuarios. Este problema afecta al portal de administración: hasta el 21.05.2024.
CWE		NVD-CWE-noinfo
References	~~() https://www.usom.gov.tr/bildirim/tr-24-1356 -~~	() https://www.usom.gov.tr/bildirim/tr-24-1356 - Broken Link

29 Aug 2024, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-29 11:15

Updated : 2024-08-30 15:49

NVD link : CVE-2024-4428

Mitre link : CVE-2024-4428

CVE.ORG link : CVE-2024-4428

JSON object : View

Products Affected

menulux

managment_portal

CWE

NVD-CWE-noinfo CWE-269

Improper Privilege Management

{"id": "CVE-2024-4428", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "iletisim@usom.gov.tr", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 6.9, "automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "LOW", "vulnerableSystemIntegrity": "LOW", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "LOW", "vulnerableSystemAvailability": "NONE", "subsequentSystemConfidentiality": "LOW", "vulnerableSystemConfidentiality": "LOW", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-08-29T11:15:27.200", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-24-1356", "tags": ["Broken Link"], "source": "iletisim@usom.gov.tr"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "iletisim@usom.gov.tr", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "Improper Privilege Management vulnerability in Menulux Information Technologies Managment Portal allows Collect Data as Provided by Users.This issue affects Managment Portal: through 21.05.2024."}, {"lang": "es", "value": "La vulnerabilidad de administraci\u00f3n de privilegios incorrecta en el portal de administraci\u00f3n de Menulux Information Technologies permite recopilar datos proporcionados por los usuarios. Este problema afecta al portal de administraci\u00f3n: hasta el 21.05.2024."}], "lastModified": "2024-08-30T15:49:16.927", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:menulux:managment_portal:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4A4E289-EF05-4422-8345-67A29FF7D76E", "versionEndIncluding": "21.05.2024"}], "operator": "OR"}]}], "sourceIdentifier": "iletisim@usom.gov.tr"}