fkie_cve-2024-56114
Vulnerability from fkie_nvd
Published
2025-01-09 20:15
Modified
2025-07-16 10:49
Severity ?
Summary
Canlineapp Online 1.1 is vulnerable to Broken Access Control and allows users with the Auditor role to create an audit template as a result of improper authorization checks. This feature is designated for supervisor role, but auditors have been able to successfully create audit templates from their account.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2024-56114 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.e-connectsolutions.com | Not Applicable |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| henkel | canlineapp | 1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:henkel:canlineapp:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "99D0FCE8-56FE-4421-9ED8-13B836382712",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Canlineapp Online 1.1 is vulnerable to Broken Access Control and allows users with the Auditor role to create an audit template as a result of improper authorization checks. This feature is designated for supervisor role, but auditors have been able to successfully create audit templates from their account."
},
{
"lang": "es",
"value": "Canlineapp Online 1.1 es vulnerable a controles de acceso err\u00f3neos y permite que los usuarios con el rol de auditor creen una plantilla de auditor\u00eda como resultado de verificaciones de autorizaci\u00f3n incorrectas. Esta funci\u00f3n est\u00e1 dise\u00f1ada para el rol de supervisor, pero los auditores han podido crear plantillas de auditor\u00eda con \u00e9xito desde su cuenta."
}
],
"id": "CVE-2024-56114",
"lastModified": "2025-07-16T10:49:58.070",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-01-09T20:15:39.730",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2024-56114"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "https://www.e-connectsolutions.com"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…