{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-23T01:30:01.936","vulnerabilities":[{"cve":{"id":"CVE-2024-24751","sourceIdentifier":"security-advisories@github.com","published":"2024-02-13T19:15:10.950","lastModified":"2026-06-17T07:14:47.183","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"sf_event_mgt is an event management and registration extension for the TYPO3 CMS based on ExtBase and Fluid. In affected versions the existing access control check for events in the backend module got broken during the update of the extension to TYPO3 12.4, because the `RedirectResponse` from the `$this->redirect()` function was never handled. This issue has been addressed in version 7.4.0. Users are advised to upgrade. There are no known workarounds for this vulnerability."},{"lang":"es","value":"sf_event_mgt es una extensión de registro y gestión de eventos para TYPO3 CMS basada en ExtBase y Fluid. En las versiones afectadas, la verificación de control de acceso existente para eventos en el módulo backend se rompió durante la actualización de la extensión a TYPO3 12.4, porque la función `RedirectResponse` de la función `$this->redirect()` nunca se manejó. Este problema se solucionó en la versión 7.4.0. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"derhansen","product":"sf_event_mgt","versions":[{"version":">= 7.0.0, < 7.4.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-02-15T16:23:48.302356Z","id":"CVE-2024-24751","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"},{"lang":"en","value":"CWE-863"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:derhansen:event_management_and_registration:7.0.0:*:*:*:*:typo3:*:*","matchCriteriaId":"F9EDEEAA-E3A5-4F9E-8B6F-76CBB5C0500F"}]}]}],"references":[{"url":"https://github.com/derhansen/sf_event_mgt/commit/a08c2cd48695c07e462d15eeb70434ddc0206e4c","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/derhansen/sf_event_mgt/security/advisories/GHSA-4576-pgh2-g34j","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://github.com/derhansen/sf_event_mgt/commit/a08c2cd48695c07e462d15eeb70434ddc0206e4c","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/derhansen/sf_event_mgt/security/advisories/GHSA-4576-pgh2-g34j","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}