CVE-2020-14945

Опубликовано: 22 июн. 2020

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Средний

Описание

A privilege escalation vulnerability exists within Global RADAR BSA Radar 1.6.7234.24750 and earlier that allows an authenticated, low-privileged user to escalate their privileges to administrator rights (i.e., the BankAdmin role) via modified SaveUser data.

Ссылки

https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities
Third Party Advisory
https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities/blob/master/CVE-2020-14945%20-%20Privilege%20Escalation.md
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/48649
Exploit
Third Party Advisory
VDB Entry
https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities
Third Party Advisory
https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities/blob/master/CVE-2020-14945%20-%20Privilege%20Escalation.md
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/48649
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:globalradar:bsa_radar:*:*:*:*:*:*:*:*

Версия до 1.6.7234.24750 (включая)

EPSS

Процентиль: 95%

0.1585

Средний

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-hmf8-53x4-w3jj