Dutch
English
Dit artikel is alleen beschikbaar in het English
cve-publication
our findings

CVE Report August 2021

Joel Aviad Ossi
26 August, 2021

In August, two old reserved CVE numbers where allowed to be published by the manifacturer.

WebSec filed for a CVE update request at MITRE as more details is now allowed to be published.

Software - iPortalis

CVE-2020-9002 - Improper Input Validation

Description:
It was possible to change the user role from COMPANY_USER to DOMAIN_ADMIN which is a role which is not listed by default for lower privileged users, this resulted in privilege escalation.

CVE-2020-9000 - Uncontrolled Resource Consumption

Description:
It was possible to generate stack trace erros which increased the log size
on the server, the log file gets deleted after every 24 hours however this is sufficient time for an attacker to exhaust the server's memory using automated tools.

Authored By
Joel Aviad Ossi

Managing Director

Deel met de wereld!

Beveiligingsbehoeften?

Bent u er echt zeker van dat uw organisatie veilig is?

Bij WebSec helpen we u deze vraag te beantwoorden door geavanceerde beveiligingsbeoordelingen uit te voeren.

Wil je meer weten? Plan een gesprek in met een van onze experts.

Afspraak Inplannen
Authored By
Joel Aviad Ossi

Managing Director