Incorrect permission assignment for critical resource allows unauthorized access to sensitive data
CVE-2024-46897

3.8LOW

Key Information:

Vendor: Kajitori Co.,ltd
Status: Exment
Vendor: CVE Published:; 18 October 2024

🔔 Create Kajitori Co.,ltd Vulnerability Alert

What is CVE-2024-46897?

Incorrect permission assignment for critical resource issue exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. A logged-in user with the permission of table management may obtain and/or alter the information of the unauthorized table.

Affected Version(s)

Exment v6.1.4 and earlier

Exment v5.0.11 and earlier

References

https://exment.net/vulnerability-correspondence-version-6...

https://exment.net/docs/#/weakness/20241010_2

https://jvn.jp/en/jp/JVN74538317/

CVSS V3.1

Score:

3.8

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 18, 2024
Vulnerability Reserved
Oct 3, 2024