← Back

Ncia

ncia

3 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Advisor Network
advisor_network
3 CVEs

CVEs (3)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-38447
1Ncia
1Advisor Network
Jun 20, 2025
Jul 17, 2024
N/A· v4
8.1 HIGH· v3
N/A· v2
NATO NCI ANET 3.4.1 allows Insecure Direct Object Reference via a modified ID field in a request for a private draft report (that belongs to an arbitrary user).
CVE-2024-38446
1Ncia
1Advisor Network
Jun 20, 2025
Jul 17, 2024
N/A· v4
6.5 MEDIUM· v3
N/A· v2
NATO NCI ANET 3.4.1 mishandles report ownership. A user can create a report and, despite the restrictions imposed by the UI, change the author of that report to an arbitrary user (without their consent or knowledge) via...Show more
NATO NCI ANET 3.4.1 mishandles report ownership. A user can create a report and, despite the restrictions imposed by the UI, change the author of that report to an arbitrary user (without their consent or knowledge) via a modified UUID in a POST request.Show less
CVE-2023-31441
1Ncia
1Advisor Network
Nov 21, 2024
Jul 18, 2023
N/A· v4
5.5 MEDIUM· v3
N/A· v2
In NATO Communications and Information Agency anet (aka Advisor Network) through 3.3.0, an attacker can provide a crafted JSON file to sanitizeJson and cause an exception. This is related to the U+FFFD Unicode replacemen...Show more
In NATO Communications and Information Agency anet (aka Advisor Network) through 3.3.0, an attacker can provide a crafted JSON file to sanitizeJson and cause an exception. This is related to the U+FFFD Unicode replacement character. A for loop does not consider that a data structure is being modified during loop execution.Show less