CVE-2024-2412

Summary

The disabling function of the user registration page for Heimavista Rpage and Epage is not properly implemented, allowing remote attackers to complete user registration on sites where user registration is supposed to be disabled.

Affected Software

VendorProductVersion RangeStatus
HeimavistaRpageearlier version <= v5.4.103.20231111affected
HeimavistaEpageearlier version <= v3.0.106.20231112affected

Weaknesses

  • CWE-1220: CWE-1220: Insufficient Granularity of Access Control

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References