CVE-2021-42337 - CERT CVE

  1. CVE-2021-42337

ID CVE-2021-42337
Sažetak The permission control of AIFU cashier management salary query function can be bypassed, thus after obtaining general user’s permission, the remote attacker can access account information except passwords by crafting URL parameters.
Reference
CVSS
Base: 4.0
Impact: 2.9
Exploitability:8.0
Pristup
VektorSloženostAutentikacija
NETWORK LOW SINGLE
Impact
PovjerljivostCjelovitostDostupnost
PARTIAL NONE NONE
CVSS vektor AV:N/AC:L/Au:S/C:P/I:N/A:N
Zadnje važnije ažuriranje 09-08-2022 - 14:40
Objavljeno 16-11-2021 - 02:15