CVE-2020-9002

Sažetak

An issue was discovered in iPortalis iCS 7.1.13.0. An attacker can gain privileges by intercepting a request and changing UserRoleKey=COMPANY_ADMIN to UserRoleKey=DOMAIN_ADMIN (to achieve Domain Administrator access).

Reference

https://websec.nl/blog/6127847280e759c7d31286d0/cve%20report%20august%202021/
https://websec.nl/blog/

CVSS

Base:	6.0
Impact:	6.4
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

09-09-2021 - 16:21

Objavljeno

01-09-2021 - 11:15