CVE-2021-45222

Опубликовано: 24 янв. 2022

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

An issue was discovered in COINS Construction Cloud 11.12. Due to logical flaws in the human ressources interface, it is vulnerable to privilege escalation by HR personnel.

Ссылки

https://appsource.microsoft.com/en-us/product/web-apps/constructionindustrysolutionslimited-5057232.coinsconstructioncloud?tab=overview
Patch
Product
Vendor Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-029.txt
Exploit
Third Party Advisory
https://www.syss.de/pentest-blog/multiple-schwachstellen-im-coins-construction-cloud-erp-syss-2021-028/-029/-030/-031/-051/-052/-053
Third Party Advisory
https://appsource.microsoft.com/en-us/product/web-apps/constructionindustrysolutionslimited-5057232.coinsconstructioncloud?tab=overview
Patch
Product
Vendor Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-029.txt
Exploit
Third Party Advisory
https://www.syss.de/pentest-blog/multiple-schwachstellen-im-coins-construction-cloud-erp-syss-2021-028/-029/-030/-031/-051/-052/-053
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:coins-global:coins_construction_cloud:11.12:*:*:*:*:*:*:*

EPSS

Процентиль: 62%

0.00429

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-269

Связанные уязвимости

GHSA-m7h4-hg4x-w57p