PT-2021-20834 · Unknown · Ngeniusone

Published

2021-09-30

Updated

2022-07-12

CVE-2021-35202

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: nGeniusONE version 6.3.0 build 1196

Description: The issue allows for Authorization Bypass, enabling access to an endpoint in FDSQueryService.

Recommendations: For version 6.3.0 build 1196, consider restricting access to the FDSQueryService endpoint as a temporary workaround until a patch is available.

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2021-35202

Affected Products

Ngeniusone

PT-2021-20834 · Unknown · Ngeniusone

CVE-2021-35202

Weakness Enumeration

Related Identifiers

Affected Products

References · 4