Advisor Network

advisor_network

Vendor: Ncia • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-38447 1Ncia 1Advisor Network Jun 20, 2025 Jul 17, 2024 N/A· v4 8.1 HIGH· v3 N/A· v2 NATO NCI ANET 3.4.1 allows Insecure Direct Object Reference via a modified ID field in a request for a private draft report (that belongs to an arbitrary user).
CVE-2024-38446 1Ncia 1Advisor Network Jun 20, 2025 Jul 17, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 NATO NCI ANET 3.4.1 mishandles report ownership. A user can create a report and, despite the restrictions imposed by the UI, change the author of that report to an arbitrary user (without their consent or knowledge) via...Show more NATO NCI ANET 3.4.1 mishandles report ownership. A user can create a report and, despite the restrictions imposed by the UI, change the author of that report to an arbitrary user (without their consent or knowledge) via a modified UUID in a POST request.Show less
CVE-2023-31441 1Ncia 1Advisor Network Nov 21, 2024 Jul 18, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In NATO Communications and Information Agency anet (aka Advisor Network) through 3.3.0, an attacker can provide a crafted JSON file to sanitizeJson and cause an exception. This is related to the U+FFFD Unicode replacemen...Show more In NATO Communications and Information Agency anet (aka Advisor Network) through 3.3.0, an attacker can provide a crafted JSON file to sanitizeJson and cause an exception. This is related to the U+FFFD Unicode replacement character. A for loop does not consider that a data structure is being modified during loop execution.Show less