Ncia: >> Advisor Network >> 3.4.1 Security Vulnerabilities
NATO NCI ANET 3.4.1 allows Insecure Direct Object Reference via a modified ID field in a request for a private draft report (that belongs to an arbitrary user).
CVSS Score
8.1
EPSS Score
0.001
Published
2024-07-17
NATO NCI ANET 3.4.1 mishandles report ownership. A user can create a report and, despite the restrictions imposed by the UI, change the author of that report to an arbitrary user (without their consent or knowledge) via a modified UUID in a POST request.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-07-17