Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-38447 | 1 Ncia | 1 Advisor Network | 2025-06-20 | N/A | 8.1 HIGH |
| NATO NCI ANET 3.4.1 allows Insecure Direct Object Reference via a modified ID field in a request for a private draft report (that belongs to an arbitrary user). | |||||
| CVE-2024-38446 | 1 Ncia | 1 Advisor Network | 2025-06-20 | N/A | 6.5 MEDIUM |
| NATO NCI ANET 3.4.1 mishandles report ownership. A user can create a report and, despite the restrictions imposed by the UI, change the author of that report to an arbitrary user (without their consent or knowledge) via a modified UUID in a POST request. | |||||
| CVE-2023-31441 | 1 Ncia | 1 Advisor Network | 2024-11-21 | N/A | 5.5 MEDIUM |
| In NATO Communications and Information Agency anet (aka Advisor Network) through 3.3.0, an attacker can provide a crafted JSON file to sanitizeJson and cause an exception. This is related to the U+FFFD Unicode replacement character. A for loop does not consider that a data structure is being modified during loop execution. | |||||