
CVE-2024-48217

Medium Severity
SVRS: 30/100
CVSSv3: NA/10
EPSS: 0.002/1

CVE-2024-48217: SiSMART v7.4.0 Insecure Direct Object Reference (IDOR) vulnerability. This allows attackers to escalate privileges horizontally via the dashboard.

CVE-2024-48217 describes an IDOR vulnerability within the dashboard of SiSMART v7.4.0. An attacker can exploit this vulnerability to perform horizontal privilege escalation, meaning they could access or modify data belonging to other users. With an SVRS of 30 the vulnerability is not critical, but it should still be addressed, as it could lead to unauthorized access and data breaches. This is significant because it impacts data security and user privacy within the SiSMART system. Immediate patching or mitigation is required to prevent potential exploits and maintain the integrity of the system. The IDOR can be easily exploited if left unpatched.

In The Wild
2024-11-01

2024-11-05

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-48217 | SiSMART 7.4.0 Dashboard resource injection
vuldb.com, 2024-11-01
A vulnerability has been found in SiSMART 7.4.0 and classified as problematic. This vulnerability affects unknown code of the component Dashboard. The manipulation leads to improper control of resource identifiers. This vulnerability was named CVE-2024-48217. The attack needs to be initiated within the local network. There is no exploit available.

Social Media

#ThreatProtection #CVE-2024-48217 - An Insecure Direct Object Reference (#IDOR) #vulnerability in #SiSMART, read more about Symantec's protection: https://t.co/qSa3DU82Dw

Affected Software

No affected software found for this CVE

References

Reference: [email protected]
Link: https://github.com/ajrielrm/CVE-2024-48217

Reference: GITHUB
Link: https://github.com/ajrielrm/CVE-2024-48217

CWE Details

CWE ID: CWE-639
CWE Name: Authorization Bypass Through User-Controlled Key
Description: The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
