Home > Vulnerability Database > CVE-2024-46607

Mend.io Vulnerability Database

CVE-2024-46607

Date: September 23, 2024

Incorrect access control in IceCMS v3.4.7 and before allows attackers to authenticate by entering any arbitrary values as the username and password via the loginAdmin method in the UserController.java file.

Language: Java

Severity Score

7.6

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-46607

Url: https://github.com/Thecosy/iceCMS?tab=readme-ov-file

Url: https://github.com/Lunax0/LogLunax/blob/main/icecms/CVE-2024-46607.md

Url: http://icecms.com

Url: https://www.mend.io/vulnerability-database/CVE-2024-46607

Severity Score

7.6

Weakness Type (CWE)

Improper Access Control

CWE-284

CVSS v3.1

Base Score:	7.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-46607

Date: September 23, 2024

Language: Java

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?