
CVE-2024-48955
https://notcve.org/view.php?id=CVE-2024-48955
29 Oct 2024 — In NetAdmin 4.0.30319, an attacker can steal a valid session cookie and inject it into another device, granting unauthorized access. This type of attack is commonly referred to as session hijacking. Broken access control in NetAdmin 4.030319 returns data with functionalities on the endpoint that ... • https://github.com/BrotherOfJhonny/CVE-2024-48955_Overview • CWE-284: Improper Access Control • CWE-384: Session Fixation

CVE-2024-9513 – Netadmin Software NetAdmin IAM HTTP POST Request ReturnUserQuestionsFilled information exposure
https://notcve.org/view.php?id=CVE-2024-9513
04 Oct 2024 — A vulnerability was found in Netadmin Software NetAdmin IAM up to 3.5 and classified as problematic. Affected by this issue is some unknown functionality of the file /controller/api/Answer/ReturnUserQuestionsFilled of the component HTTP POST Request Handler. The manipulation of the argument username leads to information exposure through discrepancy. The attack may be launched remotely. The complexity of an attack is rather high. • https://github.com/ELIZEUOPAIN/Exploit-CVE-2024-9513-NetAdmin-IAM-Allows-User-Enumeration-In-Active-Directory • CWE-203: Observable Discrepancy