CVE-2020-25917

Name of the Vulnerable Software and Affected Versions Stratodesk NoTouch Center versions prior to 4.4.68

Description The issue is related to incorrect access control, allowing a low-privileged user, such as one with "helpdesk" privileges, to perform privileged operations. This includes adding a new administrator to the platform via the "easyadmin/user/submitCreateTCUser.do" page.

Recommendations For versions prior to 4.4.68, update to version 4.4.68 or later to resolve the issue. As a temporary workaround, consider restricting access to the "easyadmin/user/submitCreateTCUser.do" page to prevent low-privileged users from performing privileged operations.