Skip to content

underprotection/CVE-2020-24028

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

CVE-2020-24028

[Description]

ForLogic Qualiex v1 and v3 allows any authenticated customer to achieve privilege escalation via user creations, password changes, or user permission updates.

[Important Dates]

  • Announcement (to Vendor): 2020-07-12
  • Public disclosure date: 2020-08-31

[Vulnerability Type]

Insecure Permissions

[Vendor of Product]

ForLogic

[Affected Product Code Base]

  • Qualiex - v1
  • Qualiex - v3
  • Other versions may be affected, especially in the same family (not tested yet)

[Affected Component]

Qualiex

[Attack Type]

Remote

[Impact Escalation of Privileges]

True

[Impact Information Disclosure]

True

[Attack Vectors]

Authenticated permission bypass permits password changes, user creation and privilege escalation on user's information update

[Has vendor confirmed or acknowledged the vulnerability?]

True

[Discoverer]

Mauricio Santos (R&D UnderProtection), Claudemir Nunes (R&D UnderProtection) and Hesron Hori (R&D UnderProtection)

[Thanks to]

Forlogic - Vendor's Information Security Team who collaborated to a coordinated disclosure

[Reference]

About

No description, website, or topics provided.

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published