9.8

CVE-2020-14944

Exploit

EPSS 11.8%
Veröffentlicht 22.06.2020 22:15:12
Zuletzt bearbeitet 21.11.2024 05:04:29
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Global RADAR BSA Radar 1.6.7234.24750 and earlier lacks valid authorization controls in multiple functions. This can allow for manipulation and takeover of user accounts if successfully exploited. The following vulnerable functions are exposed: ChangePassword, SaveUserProfile, and GetUser.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Globalradar ≫ Bsa Radar Version <= 1.6.7234.24750

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	11.8%	0.934

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities

Third Party Advisory

http://packetstormsecurity.com/files/158372/BSA-Radar-1.6.7234.24750-Cross-Site-Request-Forgery.html

Third Party Advisory

Exploit

VDB Entry

https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities/blob/master/CVE-2020-14944%20-%20Access%20Control%20Vulnerabilities.md

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2020-14944

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-14944

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-14944

EUVD