CVE•Published 2024-03-20•Modified 2026-07-09•1 article on news•6 live references•NVD data
CVE-2024-28735Unit4 · Financials_by_coda
Vulnerability data via NVD (ingested)
CVSS v3.1
8.1
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS percentile
50
Exploit Prediction Scoring System · top 50% of all CVEs
Weaknesses (CWE)
Description
Unit4 Financials by Coda versions prior to 2023Q4 suffer from an incorrect access control authorization bypass vulnerability which allows an authenticated user to modify the password of any user of the application via a crafted request.
Timeline
Published 2024-03-20
Modified 2026-07-09
External references
Search for exposed instances
Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).
Shodan · vuln tag0 hosts
vuln:CVE-2024-28735Hosts Shodan has explicitly fingerprinted as vulnerable.
Shodan · product
product:"Unit4 Financials By Coda"All exposed Unit4 Financials By Coda instances — cross-reference with the CVE's affected-version range.
Shodan · banner/body mention
http.html:"Financials By Coda"HTTP body or banner mentions "Financials By Coda" — catches deploys Shodan didn't identify as a product.
More intel sources (5)
Shodan report
vuln:CVE-2024-28735Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2024-28735Censys host search filtered to this CVE id.
grep.app
CVE-2024-28735Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2024-28735GitHub code search for direct mentions.
Google dork
"CVE-2024-28735" exploit -site:nvd.nist.govWrite-ups and news, NVD excluded.