CVE-2021-34369

Опубликовано: 09 июн. 2021

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

portlets/contact/ref/refContactDetail.do in Accela Civic Platform through 20.1 allows remote attackers to obtain sensitive information via a modified contactSeqNumber value. NOTE: the vendor states "the information that is being queried is authorized for an authenticated user of that application, so we consider this not applicable.

Ссылки

http://packetstormsecurity.com/files/163116/Accela-Civic-Platform-21.1-Insecure-Direct-Object-Reference.html
Exploit
Third Party Advisory
VDB Entry
https://gist.github.com/0xx7/58943bb6e9ef77a09d3c7eb00dcafdc7
Third Party Advisory
http://packetstormsecurity.com/files/163116/Accela-Civic-Platform-21.1-Insecure-Direct-Object-Reference.html
Exploit
Third Party Advisory
VDB Entry
https://gist.github.com/0xx7/58943bb6e9ef77a09d3c7eb00dcafdc7
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:accela:civic_platform:*:*:*:*:*:*:*:*

Версия до 20.1 (включая)

EPSS

Процентиль: 91%

0.06771

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-vf96-5gw2-gvj4