CVE-2024-46635 | INROAD prior 20240206 API Endpoint GetCurrentUserInfo UserNameOrPhoneNumber information disclosure

Posted by Angelo Barbosa | Sep 30, 2024 | CVE

A vulnerability was found in INROAD. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /AccountMaster/GetCurrentUserInfo of the component API Endpoint. The manipulation of the argument UserNameOrPhoneNumber leads to information disclosure.

This vulnerability is known as CVE-2024-46635. The attack can only be done within the local network. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-46635 | INROAD prior 20240206 API Endpoint GetCurrentUserInfo UserNameOrPhoneNumber information disclosure

Related Posts

CVE-2024-34487 | Faucet SDN Ryu 4.34 parser.py OFPFlowStats infinite loop (Issue 192)

CVE-2024-33787 | Hengan Weighing Management Information Query Platform 2019-2021 53.25 search_user.aspx tuser_Number sql injection

CVE-2024-35247 | Linux Kernel up to 5.10.218/5.15.160/6.1.92/6.6.32/6.9.3 fpga null pointer dereference

CVE-2021-47012 | Linux Kernel up to 5.4.118/5.10.36/5.11.20/5.12.3 RDMA siw_alloc_mr use after free