Описание
The canUpdate function in model/MRole.java in Adempiere before 3.1.6 does not properly validate user roles, which allows remote authenticated read-only users to gain read-write privileges. NOTE: some of these details are obtained from third party information.
Ссылки
- Patch
- Patch
Уязвимые конфигурации
Конфигурация 1Версия до 3.1.5 (включая)
cpe:2.3:a:adempiere:adempiere:*:*:*:*:*:*:*:*
EPSS
Процентиль: 68%
0.00566
Низкий
9 Critical
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
The canUpdate function in model/MRole.java in Adempiere before 3.1.6 does not properly validate user roles, which allows remote authenticated read-only users to gain read-write privileges. NOTE: some of these details are obtained from third party information.
EPSS
Процентиль: 68%
0.00566
Низкий
9 Critical
CVSS2
Дефекты
NVD-CWE-Other