CVE-2024-46627 - Incorrect access control in BECN DATAGERRY v2.2 allows attackers to > execute arbitrary commands via crafted web requests.
DATAGERRY v2.2 lacks access control in the REST API for the following endpoints: - /rest/users/<id>/settings/ (GET, POST) - /rest/users/<id>/settings/<setting> (DELETE, PUT) This allows an attacker to read settings, create settings, delete settings, and update settings of…