This page lists publicly disclosed CVE vulnerabilities affecting ncia advisor_network (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-38447 | NATO NCI ANET 3.4.1 allows Insecure Direct Object Reference via a modified ID field in a request for a private draft report (that belongs to an arbitrary user). | [email protected] | 8.1 | 0.27% | 2024-07-17 | 2025-06-20 |
| CVE-2024-38446 | NATO NCI ANET 3.4.1 mishandles report ownership. A user can create a report and, despite the restrictions imposed by the UI, change the author of that report to an arbitrary user (without their consent or knowledge) via a modified UUID in a POST request. | [email protected] | 6.5 | 0.21% | 2024-07-17 | 2025-06-20 |
| CVE-2023-31441 | In NATO Communications and Information Agency anet (aka Advisor Network) through 3.3.0, an attacker can provide a crafted JSON file to sanitizeJson and cause an exception. This is related to the U+FFFD Unicode replacement character. A for loop does not consider that a data structure is being modified during loop execution. | [email protected] | 5.5 | 0.04% | 2023-07-18 | 2024-11-21 |