CVE-2024-2412

{"id": "CVE-2024-2412", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "twcert@cert.org.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-03-13T03:15:06.577", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7696-0951f-1.html", "source": "twcert@cert.org.tw"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "twcert@cert.org.tw", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "The disabling function of the user registration page for Heimavista Rpage and Epage is not properly implemented, allowing remote attackers to complete user registration on sites where user registration is supposed to be disabled."}, {"lang": "es", "value": "La funci\u00f3n de desactivaci\u00f3n de la p\u00e1gina de registro de usuarios para Heimavista Rpage y Epage no est\u00e1 implementada correctamente, lo que permite a atacantes remotos completar el registro de usuarios en sitios donde se supone que el registro de usuarios est\u00e1 desactivado."}], "lastModified": "2024-03-13T12:33:51.697", "sourceIdentifier": "twcert@cert.org.tw"}