PT-2022-16296 · StarWind · StarWind Command Center
Published: 2022-01-24 · Updated: 2022-12-09 · CVE-2022-23858
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
StarWind Command Center versions prior to V2 build 6021
StarWind Command Center build 6003 v2
Description
A flaw in the REST API allows any logged-in user to elevate privileges up to the system account through an improperly handled REST API call. An authenticated read-only user can use this to gain administrator privileges.
Recommendations
For StarWind Command Center build 6003 v2, update to a version after V2 build 6021 to resolve the issue.
For StarWind Command Center versions prior to V2 build 6021, update to V2 build 6021 or later to fix the privilege elevation flaw.
Affected Products
StarWind Command Center