Cyber Posture

CVE-2024-56883

Severity: High · Public PoC available

Published: 18 February 2025
Modified: 25 September 2025
KEV Added: not listed
Patch: available (Sage DPW 2024_12_001 or later)
CVSS Score: 8.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)
EPSS Score: 0.0306 (86.8th percentile)
Risk Priority: 18 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-56883 is a high-severity Improper Access Control (CWE-284) vulnerability in Sage DPW (vendor listed as Sagedpw). Its CVSS v3.1 base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The vulnerability ranks in the top 13.2% of CVEs by exploit likelihood (EPSS), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and AC-3 (Access Enforcement).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent: Directly requires server-side enforcement of role-based access controls, so that low-privileged users cannot create external courses for others by submitting a modified request.

prevent: Mandates a reference monitor mechanism that mediates and enforces every access decision in a tamper-proof way, blocking bypasses of access controls through parameter tampering.

prevent: Ensures that manipulated input parameters such as the user ID are validated against the authenticated user's identity and role, preventing unauthorized course creation.

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Broken server-side access control (IDOR-style parameter tampering) lets low-priv users perform actions reserved for higher-privileged accounts, directly constituting exploitation for privilege escalation.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1
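An added example of what a defender can check after the fact (not Sage DPW tooling): the parameter tampering described above leaves a course record whose creator is an employee-role user and whose subject is a different employee, so an export of the course table joined with the user/role list surfaces it. The CSV columns, role names and every row below are constructed for illustration, and the set of roles allowed to book for others is an assumption.

```python
"""Retrospective audit for signs of CVE-2024-56883 style exploitation.

Added example, not Sage DPW tooling. It assumes two exports an administrator
could pull from the application database: a user/role list and a course table
carrying the employee the course is for and the user who created it. Column
names, role names and all rows are constructed for illustration.
"""
import csv
import io
from typing import Dict, List, Tuple

# Constructed user/role export (assumed columns).
ROLE_EXPORT = """user_id,role
1001,employee
1002,employee
1003,employee
2001,hr_admin
"""

# Constructed course export (assumed columns). Rows 2 and 4 are what a
# tampered "id" parameter leaves behind: an employee-role user created a
# course for a different employee.
COURSE_EXPORT = """course_id,employee_id,created_by,created_at,title
1,1001,1001,2025-01-10T09:00:00,Excel basics
2,1002,1001,2025-01-11T14:22:10,External seminar
3,1002,2001,2025-01-12T08:00:00,Onboarding
4,1001,1003,2025-01-13T10:00:00,Safety training
5,1003,1003,2025-01-14T11:30:00,Language course
"""

# Roles legitimately allowed to create courses for other users (assumption).
PRIVILEGED_ROLES = {"hr_admin"}


def load_roles(export_text: str) -> Dict[int, str]:
    """Maps user_id -> role from the CSV export."""
    reader = csv.DictReader(io.StringIO(export_text))
    return {int(row["user_id"]): row["role"] for row in reader}


def find_suspicious_courses(course_text: str, role_text: str) -> List[Tuple[int, int, int]]:
    """Returns (course_id, created_by, employee_id) for every course created
    for someone else by a user whose role should not permit that.
    A creator missing from the role export is treated as unprivileged (fail closed)."""
    roles = load_roles(role_text)
    hits: List[Tuple[int, int, int]] = []
    for row in csv.DictReader(io.StringIO(course_text)):
        creator = int(row["created_by"])
        subject = int(row["employee_id"])
        if creator == subject:
            continue  # booking a course for yourself is what the UI allows
        if roles.get(creator) in PRIVILEGED_ROLES:
            continue  # HR/admin users may book for others
        hits.append((int(row["course_id"]), creator, subject))
    return hits


def creators_to_review(hits: List[Tuple[int, int, int]]) -> Dict[int, int]:
    """Counts flagged courses per creator so the noisiest accounts surface first."""
    counts: Dict[int, int] = {}
    for _, creator, _ in hits:
        counts[creator] = counts.get(creator, 0) + 1
    return dict(sorted(counts.items(), key=lambda kv: -kv[1]))


if __name__ == "__main__":
    found = find_suspicious_courses(COURSE_EXPORT, ROLE_EXPORT)
    for course_id, creator, subject in found:
        print(f"course {course_id}: created by {creator} for employee {subject}")
    print("creators to review:", creators_to_review(found))
```

Run this against real exports only after confirming the column that records the authenticated creator is populated server-side; if the application stored the client-supplied "id" in both columns, the creator field is not trustworthy and the web server's access logs (authenticated user vs. submitted body) are the better source.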

NVD Description

Sage DPW before 2024_12_001 is vulnerable to Incorrect Access Control. The implemented role-based access controls are not always enforced on the server side. Low-privileged Sage users with employee role privileges can create external courses for other employees, even though they do not have the option to do so in the user interface. To do this, a valid request to create a course simply needs to be modified, so that the current user ID in the "id" parameter is replaced with the ID of another user.

Deeper analysis

CVE-2024-56883 is an Incorrect Access Control vulnerability (CWE-284) in Sage DPW versions prior to 2024_12_001. The flaw arises because role-based access controls are not consistently enforced on the server side, allowing unauthorized actions despite UI restrictions.

Low-privileged users with employee role privileges can exploit the vulnerability over the network with low complexity and no user interaction required. By capturing a valid course creation request and modifying the "id" parameter to replace their own user ID with that of another employee, attackers can create external courses on behalf of other users. This results in high confidentiality and integrity impacts, as reflected in the CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).
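The tampering described in the NVD description and in the analysis above, shown as an added example (not Sage DPW code): a minimal course-creation handler that trusts the client-supplied "id" field, beside a hardened version that makes the decision on the server from the session identity and role. The request shape, the role names "employee" and "hr_admin", the ADMIN_ROLES set and the in-memory CourseStore are assumptions made for illustration.

```python
"""Vulnerable vs hardened server-side authorization for "create course".

Added example modelled on the CVE description; it is not Sage DPW code.
The request shape ({"id": ..., "title": ...}), the role names and the
CourseStore are assumptions made for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class User:
    user_id: int
    role: str  # assumed role names: "employee" or "hr_admin"


@dataclass
class Course:
    course_id: int
    employee_id: int  # the employee the course is booked for
    created_by: int   # the authenticated user who submitted the request
    title: str


class Forbidden(Exception):
    """Raised when the server-side authorization check fails."""


# Roles allowed to create courses for users other than themselves (assumption).
ADMIN_ROLES = {"hr_admin"}


class CourseStore:
    """In-memory stand-in for the application's course table."""

    def __init__(self) -> None:
        self.courses: List[Course] = []
        self._next_id = 1

    def add(self, employee_id: int, created_by: int, title: str) -> Course:
        course = Course(self._next_id, employee_id, created_by, title)
        self._next_id += 1
        self.courses.append(course)
        return course


def create_course_vulnerable(store: CourseStore, session_user: User, params: Dict[str, str]) -> Course:
    """Mirrors the flaw: the UI hides the option, but the server trusts the
    client-supplied "id" field, so an employee who edits the request body can
    book a course for any other user ID."""
    target_employee = int(params["id"])
    return store.add(target_employee, session_user.user_id, params["title"])


def create_course_hardened(store: CourseStore, session_user: User, params: Dict[str, str]) -> Course:
    """Fixed behaviour: the authorization decision is taken on the server from
    the authenticated identity and role, never from the request body alone."""
    target_employee = int(params["id"])
    if target_employee != session_user.user_id and session_user.role not in ADMIN_ROLES:
        # Fail closed: booking for someone else requires a privileged role.
        raise Forbidden(
            f"user {session_user.user_id} ({session_user.role}) may not create "
            f"courses for user {target_employee}"
        )
    return store.add(target_employee, session_user.user_id, params["title"])


def run_demo() -> Dict[str, object]:
    """Replays a tampered request against both handlers and reports the outcome."""
    employee = User(user_id=1001, role="employee")
    admin = User(user_id=2001, role="hr_admin")
    # Constructed tampered request: employee 1001 substitutes colleague 1002's ID.
    tampered = {"id": "1002", "title": "External seminar"}
    honest = {"id": "1001", "title": "External seminar"}

    vulnerable_store = CourseStore()
    hardened_store = CourseStore()
    result: Dict[str, object] = {}

    # Vulnerable handler: the tampered request succeeds.
    created = create_course_vulnerable(vulnerable_store, employee, tampered)
    result["vulnerable_tampered_employee_id"] = created.employee_id

    # Hardened handler: the same tampered request is rejected.
    try:
        create_course_hardened(hardened_store, employee, tampered)
        result["hardened_tampered"] = "allowed"
    except Forbidden:
        result["hardened_tampered"] = "forbidden"

    # Hardened handler still permits the legitimate cases.
    result["hardened_self"] = create_course_hardened(hardened_store, employee, honest).employee_id
    result["hardened_admin"] = create_course_hardened(hardened_store, admin, tampered).employee_id
    result["hardened_course_count"] = len(hardened_store.courses)
    return result


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

An equally valid fix for the employee role is to ignore the submitted "id" entirely and always bind the course to the session user; the explicit check above is preferable when the same endpoint also serves privileged roles, because it rejects the mismatch and can log it instead of silently rewriting it.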

Advisories recommend updating to Sage DPW version 2024_12_001 or later to mitigate the issue. Additional details are available in the writeup at https://cves.at/posts/cve-cve-2024-56883/writeup/.

Details

CWE(s)

CWE-284 (Improper Access Control)

Affected Products

sagedpw
sage dpw
< 2024_12_001 (all versions before 2024_12_001; 2024_12_001 is the fixed release)

CVEs Like This One

CVE-2025-67805 (same product: Sagedpw Sage DPW)
CVE-2025-54914 (shared CWE-284)
CVE-2025-21359 (shared CWE-284)
CVE-2025-24042 (shared CWE-284)
CVE-2026-2311 (shared CWE-284)
CVE-2026-0844 (shared CWE-284)
CVE-2026-23856 (shared CWE-284)
CVE-2026-35242 (shared CWE-284)
CVE-2025-24994 (shared CWE-284)
CVE-2026-27914 (shared CWE-284)

References