CVE-2024-56883 — HIGH (8.1)

Q: How severe is CVE-2024-56883?

CVE-2024-56883 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-56883?

Check the references section above for vendor advisories and patch information. Affected products include: Sagedpw Sage Dpw.

Vulnerability Description

Sage DPW before 2024_12_001 is vulnerable to Incorrect Access Control. The implemented role-based access controls are not always enforced on the server side. Low-privileged Sage users with employee role privileges can create external courses for other employees, even though they do not have the option to do so in the user interface. To do this, a valid request to create a course simply needs to be modified, so that the current user ID in the "id" parameter is replaced with the ID of another user.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Sagedpw	Sage Dpw	< 2024_12_001

Related Weaknesses (CWE)

CWE-284

References

https://cves.at/posts/cve-cve-2024-56883/writeup/ExploitThird Party Advisory

FAQ

What is CVE-2024-56883?

CVE-2024-56883 is a vulnerability with a CVSS score of 8.1 (HIGH). Sage DPW before 2024_12_001 is vulnerable to Incorrect Access Control. The implemented role-based access controls are not always enforced on the server side. Low-privileged Sage users with employee ro...

How severe is CVE-2024-56883?

CVE-2024-56883 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-56883?

Check the references section above for vendor advisories and patch information. Affected products include: Sagedpw Sage Dpw.