PT-2020-15620 · Forlogic · Qualiex

Claudemir Nunes +2 · Published 2020-09-02 · Updated 2025-10-14 · CVE-2020-24028

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ForLogic Qualiex versions v1 through v3

Description

The issue allows any authenticated customer to achieve privilege escalation through various means such as creating users, changing passwords, or updating user permissions.

Recommendations

For versions v1 through v3, consider restricting access to user creation, password change, and user permission update features until a fix is available. As a temporary workaround, limit the privileges of authenticated customers to prevent escalation.


Related Identifiers

CVE-2020-24028

Affected Products

Qualiex