{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T03:35:12.759","vulnerabilities":[{"cve":{"id":"CVE-2024-4538","sourceIdentifier":"cve-coordination@incibe.es","published":"2024-05-07T12:15:10.030","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain a user's event ticket by creating a specific request with the ticket reference ID, leading to the exposure of sensitive user data."},{"lang":"es","value":"Vulnerabilidad IDOR en Janto Ticketing Software que afecta a la versión 4.3r10. Esta vulnerabilidad podría permitir que un usuario remoto obtenga una entrada para un evento mediante la creación de una solicitud específica con el ID de referencia de la entrada, lo que provocaría la exposición de datos confidenciales del usuario."}],"metrics":{"cvssMetricV31":[{"source":"cve-coordination@incibe.es","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"cve-coordination@incibe.es","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janto-ticketing-software","source":"cve-coordination@incibe.es"},{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janto-ticketing-software","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}