exploitDog

CVE-2020-35577

Опубликовано: 18 фев. 2021

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

In Endalia Selection Portal before 4.205.0, an Insecure Direct Object Reference (IDOR) allows any authenticated user to download every file uploaded to the platform by changing the value of the file identifier (aka CommonDownload identification number).

Ссылки

https://github.com/blackarrowsec/advisories/tree/master/2020/CVE-2020-35577
Third Party Advisory
https://www.endalia.com/en/software/
Product
https://github.com/blackarrowsec/advisories/tree/master/2020/CVE-2020-35577
Third Party Advisory
https://www.endalia.com/en/software/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:endalia:selection_portal:4.205.0:*:*:*:*:*:*:*

EPSS

Процентиль: 74%

0.00887

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-233g-v6pm-h695

github

около 3 лет назад

In Endalia Selection Portal before 4.205.0, an Insecure Direct Object Reference (IDOR) allows any authenticated user to download every file uploaded to the platform by changing the value of the file identifier (aka CommonDownload identification number).

EPSS

Процентиль: 74%

0.00887

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

NVD-CWE-Other