CVE-2024-12306
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Published Dec 9, 2024
CWE ID 639
CWE ID 284
Summary
CVE-2024-12306 is a newly disclosed access control vulnerability affecting Unifiedtransform version 2.0 and possibly older versions. The issue encompasses both function-level and object-level access control flaws in list viewing and profile viewing endpoints, respectively. A malicious student user can exploit these vulnerabilities to unauthorizedly access the personal information of other students and teachers. At the time of this summary, no patch has been released to address the vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share