Aggregates CVE and security vulnerability intelligence across all NCIA-related products, including CVSS scores, EPSS scores, publication dates, and other vulnerability intelligence data.
Common weakness patterns include memory corruption, with potential impacts of memory corruption and application crash across software deployment use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-38447 | NATO NCI ANET 3.4.1 allows Insecure Direct Object Reference via a modified ID field in a request for a private draft report (that belongs to an arbitrary user). | [email protected] | 8.1 | 0.27% | 2024-07-17 | 2025-06-20 |
| CVE-2024-38446 | NATO NCI ANET 3.4.1 mishandles report ownership. A user can create a report and, despite the restrictions imposed by the UI, change the author of that report to an arbitrary user (without their consent or knowledge) via a modified UUID in a POST request. | [email protected] | 6.5 | 0.21% | 2024-07-17 | 2025-06-20 |
| CVE-2023-31441 | In NATO Communications and Information Agency anet (aka Advisor Network) through 3.3.0, an attacker can provide a crafted JSON file to sanitizeJson and cause an exception. This is related to the U+FFFD Unicode replacement character. A for loop does not consider that a data structure is being modified during loop execution. | [email protected] | 5.5 | 0.04% | 2023-07-18 | 2024-11-21 |