CVE-2024-10439

Published: Oct 28, 2024Modified: Sep 25, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The eHRD CTMS from Sunnet has an Insecure Direct Object Reference (IDOR) vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to access arbitrary files uploaded by any user.

Affected (1)

Products: Sun.net: Ehrd Ctms

Sun.net

1 product

Ehrd Ctms

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sun.net Ehrd Ctms	Before 10.8

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (2)

https://www.twcert.org.tw/en/cp-139-8167-a2c0d-2.html

Source: twcert@cert.org.tw

Third Party Advisory

https://www.twcert.org.tw/tw/cp-132-8166-085c4-1.html

Source: twcert@cert.org.tw

Third Party Advisory

Timeline

No history available yet.