CVE-2024-12306 – Oracle Unifiedtransform Access Control Bypass

12月 9, 2024
10:16 am

CVE ID : CVE-2024-12306

Published : Dec. 9, 2024, 9:15 a.m. | 1 hour, 1 minute ago

Description : Multiple access control vulnerabilities in Unifiedtransform version 2.0 and potentially earlier versions allow unauthorized access to personal information of students and teachers. The vulnerabilities include both function-level access control issues in list viewing endpoints and object-level access control issues in profile viewing endpoints. A malicious student user can access personal information of other students and teachers through these vulnerabilities. At the time of publication of the CVE no patch is available.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-12306 – Oracle Unifiedtransform Access Control Bypass

Elvescore.io

Recent Posts

CVE-2024-12908 – Delinea Secret Server Regular Expression Injection Vulnerability

CVE-2024-12958 – RPost MCA SQL Injection Vulnerability

CVE-2024-12959 – “Fortress MCA SQL Injection”

CVE-2024-51540 – Dell ECS Arithmetic Overflow Vulnerability (Path Traversal)

CVE-2024-12955 – PHPGurukul Blood Bank & Donor Management System CSRF Vulnerability

CVE-2024-12956 – “Unrestricted File Upload in 1000 Projects Portfolio Management System MCA”

CVE-2024-12306 – Oracle Unifiedtransform Access Control Bypass

CVE-2024-12306 – Oracle Unifiedtransform Access Control Bypass