{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T04:21:48.874","vulnerabilities":[{"cve":{"id":"CVE-2024-13040","sourceIdentifier":"twcert@cert.org.tw","published":"2024-12-31T02:15:06.303","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The QOCA aim from Quanta Computer has an Authorization Bypass Through User-Controlled Key vulnerability. By controlling the user ID parameter, remote attackers with regular privileges could access certain features as any user, modify any user's account information and privileges, leading to privilege escalation."},{"lang":"es","value":"QOCA aim de Quanta Computer tiene una vulnerabilidad de omisión de autorización mediante clave controlada por el usuario. Al controlar el parámetro de identificación del usuario, los atacantes remotos con privilegios normales podrían acceder a ciertas funciones como cualquier usuario, modificar la información y los privilegios de la cuenta de cualquier usuario, lo que provocaría una escalada de privilegios."}],"metrics":{"cvssMetricV31":[{"source":"twcert@cert.org.tw","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"twcert@cert.org.tw","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://www.twcert.org.tw/en/cp-139-8337-7899f-2.html","source":"twcert@cert.org.tw"},{"url":"https://www.twcert.org.tw/tw/cp-132-8336-aa03b-1.html","source":"twcert@cert.org.tw"}]}}]}