CVE-2019-18623

Sažetak

Escalation of privileges in EnergyCAP 7 through 7.5.6 allows an attacker to access data. If an unauthenticated user clicks on a link on the public dashboard, the resource opens in EnergyCAP with access rights matching the user who created the dashboard.

Reference

https://energycap.freshdesk.com/helpdesk/attachments/31016649523
https://energycap.freshdesk.com/support/solutions/articles/31000152837-2019-october-24-security-incident-notification-issue-with-public-dashboards-found-and-resolved

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

12-11-2019 - 18:34

Objavljeno

08-11-2019 - 18:15