Vulnerability Description
Unit4 Financials by Coda versions prior to 2023Q4 suffer from an incorrect access control authorization bypass vulnerability which allows an authenticated user to modify the password of any user of the application via a crafted request.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Unit4 | Financials By Coda | < 2023q4 |
Related Weaknesses (CWE)
References
- http://financials.com (Broken Link)
- http://unit4.com (Product)
- https://packetstormsecurity.com/files/177620/Financials-By-Coda-Authorization-By (Exploit, Third Party Advisory)
- https://www.unit4.com/ (Product)
- https://www.unit4.com/products/financial-management-software (Product)
FAQ
What is CVE-2024-28735?
CVE-2024-28735 is a vulnerability with a CVSS score of 8.1 (HIGH). Unit4 Financials by Coda versions prior to 2023Q4 suffer from an incorrect access control authorization bypass vulnerability which allows an authenticated user to modify the password of any user of th...
How severe is CVE-2024-28735?
CVE-2024-28735 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-28735?
Check the references section above for vendor advisories and patch information. Affected products include: Unit4 Financials By Coda.