VYPR
Unrated severityNVD Advisory· Published Feb 18, 2025· Updated Feb 19, 2025

CVE-2024-56883

CVE-2024-56883

Description

Sage DPW before 2024_12_001 is vulnerable to Incorrect Access Control. The implemented role-based access controls are not always enforced on the server side. Low-privileged Sage users with employee role privileges can create external courses for other employees, even though they do not have the option to do so in the user interface. To do this, a valid request to create a course simply needs to be modified, so that the current user ID in the "id" parameter is replaced with the ID of another user.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Sage/Sagecpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: <2024_12_001

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.