Vulnerability CVE-2020-5539
Published: 2020-03-02
Description:
GRANDIT Ver.1.6, Ver.2.0, Ver.2.1, Ver.2.2, Ver.2.3, and Ver.3.0 do not properly manage sessions, which allows remote attackers to impersonate an arbitrary user and then alter or disclose the information via unspecified vectors.
Type:
CWE-639 (Authorization Bypass Through User-Controlled Key)
CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:N)
CVSS Base Score: 6.4/10
Impact Subscore: 4.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: None
References:
https://jvn.jp/en/jp/JVN73472345/index.html
https://www.grandit.jp/etc/20200228_letter.pdf
Copyright 2024, cxsecurity.com