- Description
- A function-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows teachers to modify student personal data without proper authorization. The vulnerability exists due to missing access control checks in the student editing functionality. At the time of publication of the CVE no patch is available.
- Source
- vulnerability@ncsc.ch
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
- Severity
- MEDIUM
- vulnerability@ncsc.ch
- CWE-284
- Hype score
- Not currently trending
CVE-2024-12307 Unauthorized Access to Student Data in Unifiedtransform 2.0 In Unifiedtransform version 2.0 and possibly older versions, there's a function-level access control issue. Teachers can change student p... https://t.co/e7fwzcpi9V
@VulmonFeeds
9 Dec 2024
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-12307 A function-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows teachers to modify student personal data without… https://t.co/ZPXkjoAukn
@CVEnew
9 Dec 2024
332 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes