
He Wei

#35138 of 53,633
7.5 Total CVSS
Vulnerabilities · 1
PT-2026-48970
7.5
2026-06-12
Misp · Misp · CVE-2026-54358
**Name of the Vulnerable Software and Affected Versions**

MISP (affected versions not specified)

**Description**

An incorrect authorization issue allows an organization administrator to target site administrator accounts within the same organization using the administrative email functionality. The system fails to exclude accounts with the site administrator role from recipient queries, enabling an organization administrator to perform privileged account-management actions, such as initiating a password reset workflow, against higher-privileged accounts. Successful exploitation can lead to account takeover, privilege escalation, and full compromise of the instance's confidentiality, integrity, and availability. The attacker must be authenticated as an organization administrator in the same organization as the target site administrator.

**Recommendations**

At the moment, there is no information about a newer version that contains a fix for this vulnerability.