CVE-2024-28735

EUVD-2024-25824
Unit4 Financials by Coda versions prior to 2023Q4 suffer from an incorrect access control authorization bypass vulnerability which allows an authenticated user to modify the password of any user of the application via a crafted request.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CISA-ADPADP
8.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
Affected Products (NVD)
VendorProductVersion
unit4financials_by_coda
𝑥
< 2023q4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://financials.com
http://unit4.com
https://packetstormsecurity.com/files/177620/Financials-By-Coda-Authorization-Bypass.html
https://www.unit4.com/
https://www.unit4.com/products/financial-management-software
http://financials.com
http://unit4.com
https://packetstormsecurity.com/files/177620/Financials-By-Coda-Authorization-Bypass.html
https://www.unit4.com/
https://www.unit4.com/products/financial-management-software