Description
IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrator privileges to exploit this vulnerability to read arbitrary system files.
Published: 2024-11-01
Score: 4.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

Vendor Solution

Update to version 2.8.0.0523 or later.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2024-33222 IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrator privileges to exploit this vulnerability to read arbitrary system files.
History

Fri, 01 Nov 2024 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 01 Nov 2024 10:00:00 +0000

Type Values Removed Values Added
Description IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrator privileges to exploit this vulnerability to read arbitrary system files.
Title CHANGING Information Technology IDExpert - Arbitrary File Read through Path Traversal
Weaknesses CWE-36
References
Metrics cvssV3_1

{'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}


Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: twcert

Published:

Updated: 2024-11-01T13:32:30.517Z

Reserved: 2024-11-01T02:35:59.878Z

Link: CVE-2024-10651

cve-icon Vulnrichment

Updated: 2024-11-01T13:32:27.604Z

cve-icon NVD

Status : Deferred

Published: 2024-11-01T10:15:04.600

Modified: 2026-06-17T06:56:07.437

Link: CVE-2024-10651

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses