Описание
An issue was discovered in iPortalis iCS 7.1.13.0. An attacker can gain privileges by intercepting a request and changing UserRoleKey=COMPANY_ADMIN to UserRoleKey=DOMAIN_ADMIN (to achieve Domain Administrator access).
Ссылки
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:iportalis:iportalis_control_portal:7.1.13.0:*:*:*:*:*:*:*
EPSS
Процентиль: 54%
0.00314
Низкий
9.6 Critical
CVSS3
7.5 High
CVSS3
6 Medium
CVSS2
Дефекты
CWE-20
Связанные уязвимости
github
больше 3 лет назад
An issue was discovered in iPortalis iCS 7.1.13.0. An attacker can gain privileges by intercepting a request and changing UserRoleKey=COMPANY_ADMIN to UserRoleKey=DOMAIN_ADMIN (to achieve Domain Administrator access).
EPSS
Процентиль: 54%
0.00314
Низкий
9.6 Critical
CVSS3
7.5 High
CVSS3
6 Medium
CVSS2
Дефекты
CWE-20