CVE-2022-30760

Sažetak

An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG FlexNow before 2.04.09.016 allows remote authenticated attackers to obtain sensitive student information (final grades, study courses, degrees) by changing the student ID parameter in the HTTP POST request to the FrontControllerSS endpoint.

Reference

https://wiki.ihb-eg.de/doku.php/releasenotes/fn2web2.04.09
https://homepage.ruhr-uni-bochum.de/Christian.Krug-q97/CVE-2022-30760.html

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:N/A:N

Zadnje važnije ažuriranje

17-06-2022 - 19:57

Objavljeno

09-06-2022 - 16:15