CVE-2024-45877 — MEDIUM (6.5)

Vulnerability Description

baltic-it TOPqw Webportal v1.35.283.2 is vulnerable to Incorrect Access Control in the User Management function in /Apps/TOPqw/BenutzerManagement.aspx. This allows a low privileged user to access all modules in the web portal, view and manipulate information and permissions of other users, lock other user or unlock the own account, change the password of other users, create new users or delete existing users and view, manipulate and delete reference data.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Related Weaknesses (CWE)

CWE-863

References

https://cyber.wtf/2024/11/11/topqw-webportal-cves/

FAQ

What is CVE-2024-45877?

CVE-2024-45877 is a vulnerability with a CVSS score of 6.5 (MEDIUM). baltic-it TOPqw Webportal v1.35.283.2 is vulnerable to Incorrect Access Control in the User Management function in /Apps/TOPqw/BenutzerManagement.aspx. This allows a low privileged user to access all ...

How severe is CVE-2024-45877?

CVE-2024-45877 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-45877?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.