PT-2016-6157 · Netcommons · Netcommons

Satoru Nagaoka

Published

2016-06-19

Updated

2016-06-21

CVE-2016-4813

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions NetCommons versions 2.4.2.1 and earlier

Description The issue allows remote authenticated secretariat users to gain privileges by creating a SYSTEM ADMIN account.

Recommendations For NetCommons versions 2.4.2.1 and earlier, consider restricting access to account creation features for secretariat users until a patch is available.

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

CVE-2016-4813

Affected Products

Netcommons

PT-2016-6157 · Netcommons · Netcommons

CVE-2016-4813

Weakness Enumeration

Related Identifiers

Affected Products

References · 5