PT-2007-2670 · C1 Financial Services · C1 Financial Services Contelligent
Published: 2007-03-03 · Updated: 2017-07-29 · CVE-2007-1249
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
C1 Financial Services Contelligent version 9.1.4
Description
The issue concerns the MoveSortedContentAction in C1 Financial Services Contelligent, which fails to check the additional environment security configuration. This oversight allows remote attackers with write permissions to reorder components.
Recommendations
For version 9.1.4, consider restricting write permissions to prevent unauthorized component reordering until a patch is available. As a temporary workaround, review and monitor environment security configurations closely to minimize the risk of exploitation.
Fix
Race Condition
Weakness Enumeration
Related identifiers
Affected products
C1 Financial Services Contelligent