PT-2019-15540 · Energycap · Energycap

Publicado

2019-11-08

Atualizado

2019-11-12

CVE-2019-18623

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions EnergyCAP versions 7 through 7.5.6

Description The issue allows for escalation of privileges, enabling an attacker to access data. This occurs when an unauthenticated user clicks on a link on the public dashboard, causing the resource to open in EnergyCAP with access rights matching the user who created the dashboard.

Recommendations For EnergyCAP versions 7 through 7.5.6, consider restricting access to the public dashboard or limiting the creation of links that could be exploited by unauthenticated users until a fix is available.

Correção

Improper Privilege Management

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-269

Identificadores relacionados

CVE-2019-18623

Produtos afetados

Energycap

PT-2019-15540 · Energycap · Energycap

CVE-2019-18623

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4