CVE-2020-26506

Exploit

EPSS 0.16%
Veröffentlicht 05.11.2020 16:15:18
Zuletzt bearbeitet 21.11.2024 05:19:55
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An Authorization Bypass vulnerability in the Marmind web application with version 4.1.141.0 allows users with lower privileges to gain control to files uploaded by administrative users. The accessed files were not visible by the low privileged users in the web GUI.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Marmind ≫ Marmind Version4.1.141.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.16%	0.33

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N

CWE-670 Always-Incorrect Control Flow Implementation

The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://www.marmind.com/en/

Product

https://www2.deloitte.com/de/de/pages/risk/articles/marmind-authorization-bypass.html

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2020-26506

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-26506

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-26506

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-26506