Description
An Insecure Direct Object Reference (IDOR) vulnerability in the Change Password feature of Subex ROC Partner Settlement 10.5 allows remote authenticated users to achieve account takeover via manipulation of POST parameters. NOTE: This vulnerability may only affect a testing version of the application.
References
- Exploit, Third Party Advisory, VDB Entry
- Vendor Advisory
- Exploit, Third Party Advisory, VDB Entry
- Vendor Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:subex:roc_partner_settlement:10.5:*:*:*:*:*:*:*
EPSS
Percentile: 69%
0.00591
Low
CVSS3: 8.8 High
CVSS2: 6.5 Medium
Weaknesses
CWE-639
Related vulnerabilities
CVSS3: 8.8
github
more than 3 years ago
An Insecure Direct Object Reference (IDOR) vulnerability in the Change Password feature of Subex ROC Partner Settlement 10.5 allows remote authenticated users to achieve account takeover via manipulation of POST parameters.