CVE-2020-35737

Опубликовано: 30 дек. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Средний

Описание

In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference.

Ссылки

http://packetstormsecurity.com/files/160826/Newgen-Correspondence-Management-System-eGov-12.0-Insecure-Direct-Object-Reference.html
Exploit
Third Party Advisory
VDB Entry
https://gist.github.com/AliAlsinan/0323e57d2345ef0b4e73c803dba93486
Third Party Advisory
https://www.exploit-db.com/exploits/49378
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/160826/Newgen-Correspondence-Management-System-eGov-12.0-Insecure-Direct-Object-Reference.html
Exploit
Third Party Advisory
VDB Entry
https://gist.github.com/AliAlsinan/0323e57d2345ef0b4e73c803dba93486
Third Party Advisory
https://www.exploit-db.com/exploits/49378
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:newgensoft:egov:12.0:*:*:*:*:*:*:*

EPSS

Процентиль: 93%

0.10844

Средний

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-rcj8-5g6r-c9cg

github

больше 3 лет назад