PT-2021-11919 · Pax Technology · Paxstore

Published: 2021-05-07 · Updated: 2021-05-13 · CVE-2020-36125

CVSS v3.1: 7.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Pax Technology PAXSTORE 7.0.8 20200511171508 and earlier
Description: Incorrect access control. PAXSTORE prompts the user to re-enter their password before sensitive operations, but the endpoint that actually performs the operation does not itself verify that this re-validation took place. An authenticated remote attacker can therefore skip the password prompt by sending the request for the sensitive operation directly to that endpoint. Because the attacker needs only a valid session and not the account password (CVSS PR:L), a hijacked or unattended session is enough to perform actions that were meant to be gated by a fresh password check.
Recommendations: Update to a version later than 7.0.8 20200511171508. As a temporary workaround, restrict which accounts and networks can reach the affected sensitive operations to reduce exposure. Note that the workaround does not remove the flaw: any account that can still reach an affected endpoint can still bypass the password prompt.
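The flaw class described above, modelled as an added example (hypothetical code, not PAXSTORE's own): a "change e-mail" operation that is supposed to require password re-validation. The vulnerable handler trusts that the UI already showed the password prompt, so a direct request with a valid session succeeds; the hardened handler refuses unless the server has itself recorded a recent, unconsumed password check for that session. The endpoint names, the 300-second validity window and the sample account are assumptions made for the demo.

```python
"""Hypothetical model of the flaw class in this advisory (added example, not
PAXSTORE code): a sensitive operation is supposed to require password
re-validation, but the endpoint performing it never checks that re-validation
happened server-side, so an authenticated user can call it directly."""
import hashlib
import hmac
import os
import time
from dataclasses import dataclass
from typing import Optional

REVALIDATION_TTL = 300  # seconds a successful re-validation remains usable (assumed policy)


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class User:
    name: str
    salt: bytes
    pw_hash: bytes
    email: str


@dataclass
class Session:
    """Server-side session. revalidated_at is the only evidence of a recent
    password check; it lives on the server, never in the client request."""
    user: User
    revalidated_at: Optional[float] = None


def make_session(name: str, password: str, email: str) -> Session:
    # Constructed sample account for the demo (not real data).
    salt = os.urandom(16)
    return Session(User(name, salt, _hash_password(password, salt), email))


def revalidate(session: Session, password: str, now: Optional[float] = None) -> bool:
    """POST /revalidate (assumed endpoint): check the password and record the
    time server-side. A wrong password clears any earlier re-validation."""
    now = time.time() if now is None else now
    ok = hmac.compare_digest(_hash_password(password, session.user.salt), session.user.pw_hash)
    session.revalidated_at = now if ok else None
    return ok


def change_email_vulnerable(session: Session, new_email: str) -> bool:
    """POST /account/email (assumed endpoint), flawed: the password prompt
    exists only in the UI flow, so a direct request with a valid session
    skips it entirely."""
    session.user.email = new_email
    return True


def change_email_fixed(session: Session, new_email: str, now: Optional[float] = None) -> bool:
    """Same endpoint, hardened: refuse unless a fresh, unconsumed re-validation
    is recorded for this session. Returns False where a handler would send 403."""
    now = time.time() if now is None else now
    if session.revalidated_at is None or now - session.revalidated_at > REVALIDATION_TTL:
        return False
    session.revalidated_at = None  # one-time use: the next sensitive action needs a new check
    session.user.email = new_email
    return True


def main() -> None:
    # Attacker holds a valid session (hijacked or unattended) but not the password.
    s = make_session("alice", "correct-horse", "alice@example.com")
    print("vulnerable, direct call:", change_email_vulnerable(s, "evil@example.com"))  # True

    s = make_session("alice", "correct-horse", "alice@example.com")
    print("fixed, direct call:", change_email_fixed(s, "evil@example.com"))  # False
    print("fixed, wrong password:", revalidate(s, "guess"))  # False
    ok = revalidate(s, "correct-horse") and change_email_fixed(s, "new@example.com")
    print("fixed, after re-validation:", ok)  # True
    print("fixed, replay without new check:", change_email_fixed(s, "again@example.com"))  # False
    revalidate(s, "correct-horse", now=1000.0)
    stale = change_email_fixed(s, "late@example.com", now=1000.0 + REVALIDATION_TTL + 1)
    print("fixed, stale re-validation:", stale)  # False


if __name__ == "__main__":
    main()
```

The important design point is that the proof of re-validation is state the server wrote after checking the password, keyed to the session, time-limited and consumed on use; a flag or parameter supplied by the client (for example `revalidated=true` in the request body) would be just as bypassable as the UI prompt.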

Weakness Enumeration: Missing Authentication

Related Identifiers: CVE-2020-36125

Affected Products: Paxstore