← Back to CVE List

CVE-2024-12306

Published: 2024-12-09T09:15Z
Last Modified: 2024-12-09T09:15Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
Multiple access control vulnerabilities in Unifiedtransform version 2.0 and potentially earlier versions allow unauthorized access to personal information of students and teachers. The vulnerabilities include both function-level access control issues in list viewing endpoints and object-level access control issues in profile viewing endpoints. A malicious student user can access personal information of other students and teachers through these vulnerabilities. At the time of publication of the CVE no patch is available. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt