CVE-2024-4428

Missing Authentication for Critical Function, Missing Authorization vulnerability in Menulux Information Technologies Managment Portal allows Collect Data as Provided by Users.This issue affects Managment Portal: through 21.05.2024.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.usom.gov.tr/bildirim/tr-24-1356	Broken Link

Configurations

Configuration 1 (hide)

cpe:2.3:a:menulux:managment_portal:*:*:*:*:*:*:*:*

History

14 Oct 2025, 13:15

Type	Values Removed	Values Added
CWE	~~CWE-269~~	CWE-862 CWE-306
Summary	~~(en) Improper Privilege Management vulnerability in Menulux Information Technologies Managment Portal allows Collect Data as Provided by Users.This issue affects Managment Portal: through 21.05.2024.~~	(en) Missing Authentication for Critical Function, Missing Authorization vulnerability in Menulux Information Technologies Managment Portal allows Collect Data as Provided by Users.This issue affects Managment Portal: through 21.05.2024.

30 Aug 2024, 15:49

Type	Values Removed	Values Added
First Time		Menulux Menulux managment Portal
Summary		(es) La vulnerabilidad de administración de privilegios incorrecta en el portal de administración de Menulux Information Technologies permite recopilar datos proporcionados por los usuarios. Este problema afecta al portal de administración: hasta el 21.05.2024.
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
References	~~() https://www.usom.gov.tr/bildirim/tr-24-1356 -~~	() https://www.usom.gov.tr/bildirim/tr-24-1356 - Broken Link
CPE		cpe:2.3:a:menulux:managment_portal::::::::
CWE		NVD-CWE-noinfo

29 Aug 2024, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-29 11:15

Updated : 2025-10-14 13:15

NVD link : CVE-2024-4428

Mitre link : CVE-2024-4428

CVE.ORG link : CVE-2024-4428

JSON object : View

Products Affected

menulux

managment_portal

CWE

CWE-306

Missing Authentication for Critical Function

CWE-862

Missing Authorization

NVD-CWE-noinfo

{"id": "CVE-2024-4428", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "iletisim@usom.gov.tr", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2024-08-29T11:15:27.200", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-24-1356", "tags": ["Broken Link"], "source": "iletisim@usom.gov.tr"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "iletisim@usom.gov.tr", "description": [{"lang": "en", "value": "CWE-306"}, {"lang": "en", "value": "CWE-862"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Missing Authentication for Critical Function, Missing Authorization vulnerability in Menulux Information Technologies Managment Portal allows Collect Data as Provided by Users.This issue affects Managment Portal: through 21.05.2024."}, {"lang": "es", "value": "La vulnerabilidad de administraci\u00f3n de privilegios incorrecta en el portal de administraci\u00f3n de Menulux Information Technologies permite recopilar datos proporcionados por los usuarios. Este problema afecta al portal de administraci\u00f3n: hasta el 21.05.2024."}], "lastModified": "2025-10-14T13:15:35.530", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:menulux:managment_portal:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4A4E289-EF05-4422-8345-67A29FF7D76E", "versionEndIncluding": "21.05.2024"}], "operator": "OR"}]}], "sourceIdentifier": "iletisim@usom.gov.tr"}