CVE-2024-3270

Sažetak

A vulnerability classified as problematic was found in ThingsBoard up to 3.6.2. This vulnerability affects unknown code of the component AdvancedFeature. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259282 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure and replied to be planning to fix this issue in version 3.7.

Reference

https://drive.google.com/file/d/1w9iSMpyKDuapH9wjsgTe8AYPn8Z30u2Z/view?usp=drive_link
https://vuldb.com/?ctiid.259282
https://vuldb.com/?id.259282
https://vuldb.com/?submit.301359
https://drive.google.com/file/d/1w9iSMpyKDuapH9wjsgTe8AYPn8Z30u2Z/view?usp=drive_link
https://vuldb.com/?ctiid.259282
https://vuldb.com/?id.259282
https://vuldb.com/?submit.301359

CVSS

Base:	4.7
Impact:	4.9
Exploitability:	6.4

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	MULTIPLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:M/C:N/I:P/A:P

Zadnje važnije ažuriranje

07-02-2025 - 14:57

Objavljeno

03-04-2024 - 23:15