CVE-2024-56114

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-56114
Canlineapp Online 1.1 is vulnerable to Broken Access Control and allows users with the Auditor role to create an audit template as a result of improper authorization checks. This feature is designated for supervisor role, but auditors have been able to successfully create audit templates from their account.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2024-56114 Exploit Third Party Advisory
https://www.e-connectsolutions.com Product
Configurations

Configuration 1 (hide)

cpe:2.3:a:henkel:canlineapp:1.1:*:*:*:*:*:*:*
History

24 Jun 2025, 14:20

Type Values Removed Values Added
First Time Henkel canlineapp
Henkel
CPE cpe:2.3:a:henkel:canlineapp:1.1:*:*:*:*:*:*:*
References () https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2024-56114 - () https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2024-56114 - Exploit, Third Party Advisory
References () https://www.e-connectsolutions.com - () https://www.e-connectsolutions.com - Product
CPE cpe:2.3:a:henkel:canlineapp:1.1:*:*:*:*:*:*:*
First Time Henkel canlineapp
Henkel
References () https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2024-56114 - () https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2024-56114 - Exploit, Third Party Advisory
References () https://www.e-connectsolutions.com - () https://www.e-connectsolutions.com - Product

16 Jan 2025, 19:15

Type Values Removed Values Added
Summary
  • (es) Canlineapp Online 1.1 es vulnerable a controles de acceso erróneos y permite que los usuarios con el rol de auditor creen una plantilla de auditoría como resultado de verificaciones de autorización incorrectas. Esta función está diseñada para el rol de supervisor, pero los auditores han podido crear plantillas de auditoría con éxito desde su cuenta.
CPE cpe:2.3:a:henkel:canlineapp:1.1:*:*:*:*:*:*:*
References () https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2024-56114 - Exploit, Third Party Advisory () https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2024-56114 -
References () https://www.e-connectsolutions.com - Product () https://www.e-connectsolutions.com -
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.5
CWE CWE-863

09 Jan 2025, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-01-09 20:15

Updated : 2025-06-24 14:20

NVD link : CVE-2024-56114

Mitre link : CVE-2024-56114

CVE.ORG link : CVE-2024-56114

JSON object : View

Products Affected

henkel

  • canlineapp
CWE
CWE-863

Incorrect Authorization