CVE-2024-56898
First published: Mon Feb 03 2025(Updated: )
Broken access control vulnerability in Geovision GV-ASWeb with version v6.1.0.0 or less. This vulnerability allows low privilege users perform actions that they aren't authorized to, which can be leveraged to escalate privileges, create, modify or delete accounts.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GeoVision | <=6.1.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-56898?
CVE-2024-56898 is considered a medium severity vulnerability due to its incorrect access control allowing unauthorized user account management.
How do I fix CVE-2024-56898?
To address CVE-2024-56898, upgrade Geovision GV-ASWeb to a version beyond 6.1.0.0 to eliminate the access control issue.
What software is affected by CVE-2024-56898?
CVE-2024-56898 affects Geovision GV-ASWeb versions 6.1.0.0 and below.
What type of attack does CVE-2024-56898 facilitate?
CVE-2024-56898 facilitates unauthorized attackers managing and creating user accounts through crafted HTTP requests.
Is CVE-2024-56898 being actively exploited?
As of now, there are no public reports indicating that CVE-2024-56898 is actively exploited in the wild.
- agent/references
- agent/author
- agent/type
- agent/source
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/weakness
- agent/severity
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/description
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- vendor/geovision
- canonical/geovision