PT-2019-15540 · Energycap · Energycap

Published

2019-11-08

Updated

2019-11-12

CVE-2019-18623

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions EnergyCAP versions 7 through 7.5.6

Description The issue allows for escalation of privileges, enabling an attacker to access data. This occurs when an unauthenticated user clicks on a link on the public dashboard, causing the resource to open in EnergyCAP with access rights matching the user who created the dashboard.

Recommendations For EnergyCAP versions 7 through 7.5.6, consider restricting access to the public dashboard or limiting the creation of links that could be exploited by unauthenticated users until a fix is available.

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

CVE-2019-18623

Affected Products

Energycap

PT-2019-15540 · Energycap · Energycap

CVE-2019-18623

Weakness Enumeration

Related Identifiers

Affected Products

References · 4