CVE-2024-28735
HIGH
Unit4 Financials by Coda < 2023q4 - Authenticated Authorization Bypass via Password Modification Request
Title source: llm
Description
Unit4 Financials by Coda versions prior to 2023Q4 suffer from an incorrect access control authorization bypass vulnerability which allows an authenticated user to modify the password of any user of the application via a crafted request.
References (5)
Core References
Broken Link
http://financials.com
Product
http://unit4.com
Exploit, Third Party Advisory
https://packetstormsecurity.com/files/177620/Financials-By-Coda-Authorization-Bypass.html
Product
https://www.unit4.com/
Scores
CVSS v3
8.1
EPSS
0.0073
EPSS Percentile
49.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
total
Details
CWE
CWE-287
Status
published
Products (1)
unit4/financials_by_coda
< 2023q4
Published
Mar 20, 2024
Tracked Since
Feb 18, 2026