← Retour aux CVEs

CVE-2020-14944

CRITICAL

9.8

Description

Global RADAR BSA Radar 1.6.7234.24750 and earlier lacks valid authorization controls in multiple functions. This can allow for manipulation and takeover of user accounts if successfully exploited. The following vulnerable functions are exposed: ChangePassword, SaveUserProfile, and GetUser.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie6/22/2020

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

globalradar:bsa_radar

Faiblesses (CWE)

CWE-862

References

http://packetstormsecurity.com/files/158372/BSA-Radar-1.6.7234.24750-Cross-Site-Request-Forgery.html(cve@mitre.org)

https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities(cve@mitre.org)

https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities/blob/master/CVE-2020-14944%20-%20Access%20Control%20Vulnerabilities.md(cve@mitre.org)

http://packetstormsecurity.com/files/158372/BSA-Radar-1.6.7234.24750-Cross-Site-Request-Forgery.html(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities/blob/master/CVE-2020-14944%20-%20Access%20Control%20Vulnerabilities.md(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.