9.8

CVE-2019-18642

EPSS 0.41%
Veröffentlicht 07.01.2021 21:15:11
Zuletzt bearbeitet 21.11.2024 04:33:26
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Rock RMS version before 8.6 is vulnerable to account takeover by tampering with the user ID parameter in the profile update feature. The lack of validation and use of sequential user IDs allows any user to change account details of any other user. This vulnerability could be used to change the email address of another account, even the administrator account. Upon changing another account's email address, performing a password reset to the new email address could allow an attacker to take over any account.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sparkdevnetwork ≫ Rock Rms Version < 8.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.41%	0.585

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://packetstormsecurity.com/files/160766/Rock-RMS-File-Upload-Account-Takeover-Information-Disclosure.html

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2019-18642

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-18642

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-18642

EUVD