PT-2014-8618 · Jexperts · Jexperts Channel Platform

Luciano Pedreira

Published

2014-11-25

Updated

2014-11-26

CVE-2014-8558

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions JExperts Channel Platform version 5.0.33 CCB

Description The issue allows remote authenticated users to bypass access restrictions. This is achieved by using crafted action and key parameters.

Recommendations For JExperts Channel Platform version 5.0.33 CCB, consider restricting access to sensitive areas until a fix is available, and avoid using crafted action and key parameters to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2014-8558

Affected Products

Jexperts Channel Platform

PT-2014-8618 · Jexperts · Jexperts Channel Platform

CVE-2014-8558

Weakness Enumeration

Related Identifiers

Affected Products

References · 3