| |
Vulnerability CVE-2021-42332
Published: 2021-10-15
| Description: |
The ??List View? function of ShinHer StudyOnline System is not under authority control. After logging in with user??s privilege, remote attackers can access the content of other users?? message boards by crafting URL parameters. |
Type:
CWE-285 (Improper Authorization)
CVSS2 => (AV:N/AC:L/Au:S/C:P/I:N/A:N)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
4/10 |
2.9/10 |
8/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
Single time |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
None |
None |
References: |
https://www.twcert.org.tw/tw/cp-132-5202-49681-1.html
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
