exploitDog

CVE-2020-23449

Опубликовано: 26 янв. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

newbee-mall all versions are affected by incorrect access control to remotely gain privileges through NewBeeMallIndexConfigServiceImpl.java. Unauthorized changes can be made to any user information through the userID.

Ссылки

https://github.com/newbee-ltd/newbee-mall/issues/35
Exploit
Patch
Third Party Advisory
https://github.com/newbee-ltd/newbee-mall/issues/35
Exploit
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:newbee-mall_project:newbee-mall:*:*:*:*:*:*:*:*

EPSS

Процентиль: 43%

0.00206

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-639

Связанные уязвимости

GHSA-9fg6-4jc3-m2x8

github

больше 3 лет назад

newbee-mall all versions are affected by incorrect access control to remotely gain privileges through NewBeeMallIndexConfigServiceImpl.java. Unauthorized changes can be made to any user information through the userID.

EPSS

Процентиль: 43%

0.00206

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-639