HIGH🇵🇱 Wersja polska

CVE-2024-29837

CVSS 8.8v3.1pub. 2024-04-15upd. 2025-12-10

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below uses poor session management, allowing for an unauthenticated attacker to access administrator functionality if any other user is already signed in.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Cs Technologies Evolution

    APP
    Cs-Technologies
    ≤ 2.04.560
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2024-29836CRITICAL9.8PL ✓ten sam produkt

Auth Bypass w Evolution Controller — nieautoryzowane przejęcie kont

CVE-2024-29844CRITICAL9.8PL ✓ten sam produkt

Domyślne dane logowania w Evolution Controller 2.x umożliwiają pełen dostęp administracyjny

CVE-2024-29839HIGH7.5ten sam produkt

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured ac...

CVE-2024-29840HIGH7.5ten sam produkt

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured ac...

CVE-2024-29841HIGH7.5ten sam produkt

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured ac...