CVE-2020-36926

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions SmarterTrack version 7922

Description The software contains an information disclosure issue in the Chat Management search form. This allows unauthorized access to agent identification details, specifically agents' first and last names and their unique identifiers. Attackers can exploit this by accessing the /Management/Chat/frmChatSearch.aspx endpoint. The vulnerable parameter is not explicitly mentioned.

Recommendations Apply a fix to address the information disclosure in the Chat Management search form. Restrict access to the /Management/Chat/frmChatSearch.aspx endpoint.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-497

Related Identifiers

CVE-2020-36926

Affected Products

Smartertools Smartertrack

Smartertrack

CVE-2020-36926

Weakness Enumeration

Related Identifiers

Affected Products

References · 7