CVE-2024-28144— Broken Access Control

EPSS 0.08% · P24 Updated Nov 04, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-28144

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Broken Access Control

Source: NVD (National Vulnerability Database)

Vulnerability Description

An attacker who can spoof the IP address and the User-Agent of a logged-in user can takeover the session because of flaws in the self-developed session management. If two users access the web interface from the same IP they are logged in as the other user.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

会话固定

Source: NVD (National Vulnerability Database)

Vulnerability Title

Image Access Scan2Net 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Image Access Scan2Net是德国Image Access公司的一款扫描软件。 Image Access Scan2Net 7.40及之前版本、7.42及之前版本和7.42B之前版本存在安全漏洞，该漏洞源于自行开发的会话管理存在缺陷，攻击者可以伪造登录用户的IP地址和用户代理，从而接管会话。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Image Access GmbH	Scan2Net	0 ~ 7.42B	-

II. Public POCs for CVE-2024-28144

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-28144

请登录查看更多情报信息。

Same Patch Batch · Image Access GmbH · 2024-12-12 · 9 CVEs total

CVE-2024-36494		Reflected Cross Site Scripting
CVE-2024-36498		Stored cross site scripting
CVE-2024-28143		Insecure Password Change Function
CVE-2024-28145		Unauthenticated SQL Injection
CVE-2024-28146		Hardcoded credentials
CVE-2024-28142		Stored cross site scripting
CVE-2024-50584		SQL Injection
CVE-2024-47947		Stored cross site scripting

IV. Related Vulnerabilities

Same product: Scan2Net

Same vendor: Image Access GmbH

Same weakness: CWE-384

V. Comments for CVE-2024-28144

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-28144— Broken Access Control

I. Basic Information for CVE-2024-28144

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-28144

III. Intelligence Information for CVE-2024-28144

Same Patch Batch · Image Access GmbH · 2024-12-12 · 9 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2024-28144

Leave a comment