← Volver a CVEs
CVE-2021-25991
MEDIUM5.7
Descripcion
In Ifme, versions v5.0.0 to v7.32 are vulnerable against an improper access control, which makes it possible for admins to ban themselves leading to their deactivation from Ifme account and complete loss of admin access to Ifme.
Detalles CVE
Puntuacion CVSS v3.15.7
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioREQUIRED
Publicado12/29/2021
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
if-me:ifme
Debilidades (CWE)
CWE-284
Referencias
https://github.com/ifmeorg/ifme/commit/d1f570c458d41667df801fc9c40a18b181a2d923(vulnerabilitylab@mend.io)
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25991(vulnerabilitylab@mend.io)
https://github.com/ifmeorg/ifme/commit/d1f570c458d41667df801fc9c40a18b181a2d923(af854a3a-2127-422b-91ae-364da2661108)
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25991(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.