Search criteria
12 vulnerabilities found for dctrack by sunbirddcim
FKIE_CVE-2024-37776
Vulnerability from fkie_nvd - Published: 2024-12-16 22:15 - Updated: 2025-06-20 18:16
Severity ?
Summary
A cross-site scripting (XSS) vulnerability in Sunbird DCIM dcTrack v9.1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in some admin screens.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sunbirddcim | dctrack | 9.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sunbirddcim:dctrack:9.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F59F3A28-335F-4872-A0DD-A890E809C23E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in Sunbird DCIM dcTrack v9.1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in some admin screens."
},
{
"lang": "es",
"value": "Una vulnerabilidad de cross-site scripting (XSS) en Sunbird DCIM dcTrack v9.1.2 permite a los atacantes ejecutar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un payload manipulado en algunas pantallas de administraci\u00f3n."
}
],
"id": "CVE-2024-37776",
"lastModified": "2025-06-20T18:16:51.720",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-12-16T22:15:06.490",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "http://dctrack.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://s3.us-east-1.amazonaws.com/dcTrack.Docs/dcTrack_9.2.0_GA/dcTrack_9.2.0_Release_Notes.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-37775
Vulnerability from fkie_nvd - Published: 2024-12-16 22:15 - Updated: 2025-06-20 18:16
Severity ?
Summary
Incorrect access control in Sunbird DCIM dcTrack v9.1.2 allows attackers to create or update a ticket with a location which bypasses an RBAC check.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sunbirddcim | dctrack | 9.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sunbirddcim:dctrack:9.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F59F3A28-335F-4872-A0DD-A890E809C23E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect access control in Sunbird DCIM dcTrack v9.1.2 allows attackers to create or update a ticket with a location which bypasses an RBAC check."
},
{
"lang": "es",
"value": "El control de acceso incorrecto en Sunbird DCIM dcTrack v9.1.2 permite a los atacantes crear o actualizar un ticket con una ubicaci\u00f3n que evita una verificaci\u00f3n RBAC."
}
],
"id": "CVE-2024-37775",
"lastModified": "2025-06-20T18:16:23.187",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-12-16T22:15:06.310",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "http://dctrack.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://s3.us-east-1.amazonaws.com/dcTrack.Docs/dcTrack_9.2.0_GA/dcTrack_9.2.0_Release_Notes.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-37774
Vulnerability from fkie_nvd - Published: 2024-12-16 22:15 - Updated: 2025-06-20 18:15
Severity ?
Summary
A Cross-Site Request Forgery (CSRF) in Sunbird DCIM dcTrack v9.1.2 allows authenticated attackers to escalate their privileges by forcing an Administrator user to perform sensitive requests in some admin screens.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sunbirddcim | dctrack | 9.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sunbirddcim:dctrack:9.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F59F3A28-335F-4872-A0DD-A890E809C23E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Request Forgery (CSRF) in Sunbird DCIM dcTrack v9.1.2 allows authenticated attackers to escalate their privileges by forcing an Administrator user to perform sensitive requests in some admin screens."
},
{
"lang": "es",
"value": "Cross-Site Request Forgery (CSRF) en Sunbird DCIM dcTrack v9.1.2 permite a atacantes autenticados aumentar sus privilegios al obligar a un usuario administrador a realizar solicitudes confidenciales en algunas pantallas de administraci\u00f3n."
}
],
"id": "CVE-2024-37774",
"lastModified": "2025-06-20T18:15:42.100",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-12-16T22:15:06.127",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "http://dctrack.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://s3.us-east-1.amazonaws.com/dcTrack.Docs/dcTrack_9.2.0_GA/dcTrack_9.2.0_Release_Notes.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-37773
Vulnerability from fkie_nvd - Published: 2024-12-16 22:15 - Updated: 2025-06-20 18:14
Severity ?
Summary
An HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2 allows attackers authenticated as administrators to inject arbitrary HTML code in an admin screen.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sunbirddcim | dctrack | 9.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sunbirddcim:dctrack:9.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F59F3A28-335F-4872-A0DD-A890E809C23E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2 allows attackers authenticated as administrators to inject arbitrary HTML code in an admin screen."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n HTML en Sunbird DCIM dcTrack 9.1.2 permite a atacantes autenticados como administradores inyectar c\u00f3digo HTML arbitrario en una pantalla de administraci\u00f3n."
}
],
"id": "CVE-2024-37773",
"lastModified": "2025-06-20T18:14:14.393",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-12-16T22:15:05.947",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "http://dctrack.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://s3.us-east-1.amazonaws.com/dcTrack.Docs/dcTrack_9.2.0_GA/dcTrack_9.2.0_Release_Notes.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
CVE-2024-37773 (GCVE-0-2024-37773)
Vulnerability from cvelistv5 – Published: 2024-12-16 00:00 – Updated: 2024-12-17 15:10
VLAI?
Summary
An HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2 allows attackers authenticated as administrators to inject arbitrary HTML code in an admin screen.
Severity ?
4.8 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-37773",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-17T15:07:20.666148Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T15:10:35.123Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2 allows attackers authenticated as administrators to inject arbitrary HTML code in an admin screen."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-16T21:32:08.299605",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://dctrack.com"
},
{
"url": "https://s3.us-east-1.amazonaws.com/dcTrack.Docs/dcTrack_9.2.0_GA/dcTrack_9.2.0_Release_Notes.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-37773",
"datePublished": "2024-12-16T00:00:00",
"dateReserved": "2024-06-10T00:00:00",
"dateUpdated": "2024-12-17T15:10:35.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37774 (GCVE-0-2024-37774)
Vulnerability from cvelistv5 – Published: 2024-12-16 00:00 – Updated: 2024-12-17 15:06
VLAI?
Summary
A Cross-Site Request Forgery (CSRF) in Sunbird DCIM dcTrack v9.1.2 allows authenticated attackers to escalate their privileges by forcing an Administrator user to perform sensitive requests in some admin screens.
Severity ?
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-37774",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-17T15:02:47.928389Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T15:06:07.944Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Request Forgery (CSRF) in Sunbird DCIM dcTrack v9.1.2 allows authenticated attackers to escalate their privileges by forcing an Administrator user to perform sensitive requests in some admin screens."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-16T21:34:24.661318",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://dctrack.com"
},
{
"url": "https://s3.us-east-1.amazonaws.com/dcTrack.Docs/dcTrack_9.2.0_GA/dcTrack_9.2.0_Release_Notes.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-37774",
"datePublished": "2024-12-16T00:00:00",
"dateReserved": "2024-06-10T00:00:00",
"dateUpdated": "2024-12-17T15:06:07.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37776 (GCVE-0-2024-37776)
Vulnerability from cvelistv5 – Published: 2024-12-16 00:00 – Updated: 2024-12-17 16:59
VLAI?
Summary
A cross-site scripting (XSS) vulnerability in Sunbird DCIM dcTrack v9.1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in some admin screens.
Severity ?
4.8 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-37776",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-17T16:58:44.082050Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T16:59:08.713Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in Sunbird DCIM dcTrack v9.1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in some admin screens."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-16T21:29:10.742083",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://dctrack.com"
},
{
"url": "https://s3.us-east-1.amazonaws.com/dcTrack.Docs/dcTrack_9.2.0_GA/dcTrack_9.2.0_Release_Notes.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-37776",
"datePublished": "2024-12-16T00:00:00",
"dateReserved": "2024-06-10T00:00:00",
"dateUpdated": "2024-12-17T16:59:08.713Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37775 (GCVE-0-2024-37775)
Vulnerability from cvelistv5 – Published: 2024-12-16 00:00 – Updated: 2024-12-17 15:01
VLAI?
Summary
Incorrect access control in Sunbird DCIM dcTrack v9.1.2 allows attackers to create or update a ticket with a location which bypasses an RBAC check.
Severity ?
7.5 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-37775",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-17T14:59:12.598860Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T15:01:53.490Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect access control in Sunbird DCIM dcTrack v9.1.2 allows attackers to create or update a ticket with a location which bypasses an RBAC check."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-16T21:38:04.452141",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://dctrack.com"
},
{
"url": "https://s3.us-east-1.amazonaws.com/dcTrack.Docs/dcTrack_9.2.0_GA/dcTrack_9.2.0_Release_Notes.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-37775",
"datePublished": "2024-12-16T00:00:00",
"dateReserved": "2024-06-10T00:00:00",
"dateUpdated": "2024-12-17T15:01:53.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37773 (GCVE-0-2024-37773)
Vulnerability from nvd – Published: 2024-12-16 00:00 – Updated: 2024-12-17 15:10
VLAI?
Summary
An HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2 allows attackers authenticated as administrators to inject arbitrary HTML code in an admin screen.
Severity ?
4.8 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-37773",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-17T15:07:20.666148Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T15:10:35.123Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2 allows attackers authenticated as administrators to inject arbitrary HTML code in an admin screen."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-16T21:32:08.299605",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://dctrack.com"
},
{
"url": "https://s3.us-east-1.amazonaws.com/dcTrack.Docs/dcTrack_9.2.0_GA/dcTrack_9.2.0_Release_Notes.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-37773",
"datePublished": "2024-12-16T00:00:00",
"dateReserved": "2024-06-10T00:00:00",
"dateUpdated": "2024-12-17T15:10:35.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37774 (GCVE-0-2024-37774)
Vulnerability from nvd – Published: 2024-12-16 00:00 – Updated: 2024-12-17 15:06
VLAI?
Summary
A Cross-Site Request Forgery (CSRF) in Sunbird DCIM dcTrack v9.1.2 allows authenticated attackers to escalate their privileges by forcing an Administrator user to perform sensitive requests in some admin screens.
Severity ?
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-37774",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-17T15:02:47.928389Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T15:06:07.944Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Request Forgery (CSRF) in Sunbird DCIM dcTrack v9.1.2 allows authenticated attackers to escalate their privileges by forcing an Administrator user to perform sensitive requests in some admin screens."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-16T21:34:24.661318",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://dctrack.com"
},
{
"url": "https://s3.us-east-1.amazonaws.com/dcTrack.Docs/dcTrack_9.2.0_GA/dcTrack_9.2.0_Release_Notes.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-37774",
"datePublished": "2024-12-16T00:00:00",
"dateReserved": "2024-06-10T00:00:00",
"dateUpdated": "2024-12-17T15:06:07.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37776 (GCVE-0-2024-37776)
Vulnerability from nvd – Published: 2024-12-16 00:00 – Updated: 2024-12-17 16:59
VLAI?
Summary
A cross-site scripting (XSS) vulnerability in Sunbird DCIM dcTrack v9.1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in some admin screens.
Severity ?
4.8 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-37776",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-17T16:58:44.082050Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T16:59:08.713Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in Sunbird DCIM dcTrack v9.1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in some admin screens."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-16T21:29:10.742083",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://dctrack.com"
},
{
"url": "https://s3.us-east-1.amazonaws.com/dcTrack.Docs/dcTrack_9.2.0_GA/dcTrack_9.2.0_Release_Notes.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-37776",
"datePublished": "2024-12-16T00:00:00",
"dateReserved": "2024-06-10T00:00:00",
"dateUpdated": "2024-12-17T16:59:08.713Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37775 (GCVE-0-2024-37775)
Vulnerability from nvd – Published: 2024-12-16 00:00 – Updated: 2024-12-17 15:01
VLAI?
Summary
Incorrect access control in Sunbird DCIM dcTrack v9.1.2 allows attackers to create or update a ticket with a location which bypasses an RBAC check.
Severity ?
7.5 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-37775",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-17T14:59:12.598860Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T15:01:53.490Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect access control in Sunbird DCIM dcTrack v9.1.2 allows attackers to create or update a ticket with a location which bypasses an RBAC check."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-16T21:38:04.452141",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://dctrack.com"
},
{
"url": "https://s3.us-east-1.amazonaws.com/dcTrack.Docs/dcTrack_9.2.0_GA/dcTrack_9.2.0_Release_Notes.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-37775",
"datePublished": "2024-12-16T00:00:00",
"dateReserved": "2024-06-10T00:00:00",
"dateUpdated": "2024-12-17T15:01:53.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}