CVE-2024-46607
First published: Tue Sep 24 2024(Updated: )
Incorrect access control in IceCMS v3.4.7 and before allows attackers to authenticate by entering any arbitrary values as the username and password via the loginAdmin method in the UserController.java file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| iceCMS | <3.4.7 | |
| iCMS | <=3.4.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-46607?
CVE-2024-46607 is considered a critical vulnerability due to incorrect access control allowing unauthorized authentication.
How do I fix CVE-2024-46607?
To fix CVE-2024-46607, update IceCMS to version 3.4.8 or later where the access control issue has been resolved.
What systems are affected by CVE-2024-46607?
CVE-2024-46607 affects IceCMS versions 3.4.7 and earlier.
What are the potential impacts of CVE-2024-46607?
The potential impacts of CVE-2024-46607 include unauthorized access to the admin panel, leading to data breaches or content manipulation.
Is there a mitigation strategy for CVE-2024-46607 if I cannot update?
If you cannot update, consider restricting access to the admin panel through network-based firewalls or VPNs as a temporary mitigation.
- agent/references
- agent/first-publish-date
- agent/description
- agent/type
- agent/weakness
- agent/author
- agent/severity
- agent/event
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- vendor/icecms
- canonical/icecms
- vendor/thecosy
- canonical/icms
- version/icms/3.4.7