CVE-2024-9513

CVSS 3.1 Score 3.7 of 10 (low)

Details

Published Oct 4, 2024
Updated: Oct 7, 2024
CWE ID 203

Summary

CVE-2024-9513 is a vulnerability found in Netadmin Software's NetAdmin IAM versions up to 3.5, specifically affecting an unspecified functionality of the HTTP POST Request Handler related to the file /controller/api/Answer/ReturnUserQuestionsFilled. The vulnerability arises from improper handling of the username argument, which can lead to information exposure. Although the attack can be executed remotely, it has a high complexity level, making exploitation difficult. The vendor is aware of the issue and plans to release a fix by mid-October 2024. Organizations using affected products such as zL5-4R and zLl-K9 should monitor for updates and apply remediation promptly due to the low confidentiality impact associated with this flaw.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share