UNIT4TETA TETA WEB - Authorization Bypass vulnerability

2015.08.19
Credit: Lukasz Miedziński
Risk: High
Local: No
Remote: Yes
CVE: CVE-2015-1173
CWE: N/A


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Title: UNIT4TETA TETA WEB - Authorization Bypass vulnerability Author: Lukasz Miedziński Date: 08. January 2015 CVE: CVE-2015-1173 Affected software : =================== UNIT4TETA TETA WEB 22.62.3.4 - newest version Older versions are probably affected too. Exploit was tested on : ====================== UNIT4TETA TETA WEB 22.62.3.4 - newest version Description : ============= TETA Web (former TETA Galactica) is an Internet platform interoperating with TETA HR (former TETA Personnel) application. It provides support for the HR departments of small, medium and very large companies. With this platform managers obtain a tool for effective management of subordinate business units, and HR departments can transfer some of their tasks, such as generating reports and printouts, monitoring leave days numbers and periodic examination dates, to employees and their supervisors. Vulnerabilities : ***************** Authorization Bypass : ================================ Description: Unauthorized users are able to manipulate received parameters and get privileges to modules: - Design Mode - Debug Logger mode Vulnerability is confirmed by Vendor. Patch is released Contact : ========= Lukasz[dot]Miedzinski[at]gmail[dot]com


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top