PT-2025-52298 · Kentico · Kentico Xperience
Published
2025-12-18
·
Updated
2025-12-19
·
CVE-2020-36890
CVSS v4.0
8.6
High
| Vector | AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Kentico Xperience (affected versions not specified)
Description
An access control bypass exists in Kentico Xperience that allows modification of global administrator user privileges through unauthorized requests. Exploitation could lead to compromise of global administrator accounts and invalidation of security-sensitive macros by manipulating user privilege levels. The vulnerability involves the ability to alter user privilege levels.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Kentico Xperience