CVE-2024-28735

Published: Mar 20, 2024

Modified: Aug 2, 2024

PUBLISHED

Description

Unit4 Financials by Coda versions prior to 2023Q4 suffer from an incorrect access control authorization bypass vulnerability which allows an authenticated user to modify the password of any user of the application via a crafted request.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://financials.com

http://unit4.com

https://packetstormsecurity.com/files/177620/Financials-By-Coda-Authorization-Bypass.html

https://www.unit4.com/

https://www.unit4.com/products/financial-management-software

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-28735

Description

Affected Products

References