来源

关联漏洞

介绍

# CVE-2020-24028

------------------------------------------

## [Description]

ForLogic Qualiex v1 and v3 allows any authenticated customer to achieve privilege escalation via user creations, password changes, or user permission updates.

------------------------------------------

## [Important Dates]

- Announcement (to Vendor): 2020-07-12
- Public disclosure date: 2020-08-31

------------------------------------------

## [Vulnerability Type]

Insecure Permissions

------------------------------------------

## [Vendor of Product]

ForLogic

------------------------------------------

## [Affected Product Code Base]

- Qualiex - v1
- Qualiex - v3
- Other versions may be affected, especially in the same family (not tested yet)

------------------------------------------

## [Affected Component]

Qualiex

------------------------------------------

## [Attack Type]

Remote

------------------------------------------

## [Impact Escalation of Privileges]

True

------------------------------------------

## [Impact Information Disclosure]

True

------------------------------------------

## [Attack Vectors]

Authenticated permission bypass permits password changes, user creation and privilege escalation on user's information update

------------------------------------------

## [Has vendor confirmed or acknowledged the vulnerability?]

True

------------------------------------------

## [Discoverer]

Mauricio Santos (R&D UnderProtection), Claudemir Nunes (R&D UnderProtection) and Hesron Hori (R&D UnderProtection)

------------------------------------------

## [Thanks to]

Forlogic - Vendor's Information Security Team who collaborated to a coordinated disclosure

------------------------------------------

## [Reference]

- https://www.underprotection.com.br
- https://forlogic.net
- https://qualiex.com
- https://github.com/underprotection/CVE-2020-24028

文件快照

 [4.0K]  /data/pocs/df232331cdcc988bb93c565fb89cebd393b9d8b4
├── [ 11K]  LICENSE
└── [1.8K]  README.md

0 directories, 2 files

备注