PT-2023-11442 · Unknown · SearchBlox
Published: 2023-09-06 · Updated: 2023-09-11
CVE-2020-10130
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SearchBlox versions prior to 9.1
Description
The issue allows a user to bypass business logic and create multiple super admin users in the system. This can be exploited by manipulating the system's user creation mechanism.
Recommendations
For versions prior to 9.1, update to version 9.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the user creation functionality to prevent unauthorized creation of super admin users.
Fix
IDOR
Affected Products
SearchBlox