PT-2019-12977 · Generalitat De Catalunya · Accesuniversitat.Gencat.Cat
Avm99963 · Published 2019-12-31 · Updated 2021-07-21
CVE-2019-12837
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
accesuniversitat.gencat.cat version 1.7.5
Description
The Java API in the affected software allows remote attackers to obtain personal information of all registered students via several API endpoints.
Recommendations
For version 1.7.5, consider restricting access to the API endpoints until a patch is available. As a temporary workaround, limit the information that can be retrieved through the API to minimize the risk of exploitation.
Exploit
Fix
Incorrect Authorization
Related Identifiers
Affected Products
Accesuniversitat.Gencat.Cat