来源

关联漏洞

介绍

# CVE-2020-24029

------------------------------------------

## [Description]

Because of unauthenticated password changes in ForLogic Qualiex v1 and v3, customer and admin permissions and data can be accessed via a simple request.

------------------------------------------

## [Important Dates]

- Announcement (to Vendor): 2020-07-12
- Public disclosure date: 2020-08-31

------------------------------------------

## [Vulnerability Type]

Incorrect Access Control

------------------------------------------

## [Vendor of Product]

ForLogic

------------------------------------------

## [Affected Product Code Base]

- Qualiex - v1
- Qualiex - v3
- Other versions may be affected, especially in the same family (not tested yet)

------------------------------------------

## [Affected Component]

Qualiex

------------------------------------------

## [Attack Type]

Remote

------------------------------------------

## [Impact Escalation of Privileges]

True

------------------------------------------

## [Impact Information Disclosure]

True

------------------------------------------

## [Attack Vectors]

Unauthenticated password changes publicly available without special requirements (only the correct request)

------------------------------------------

## [Has vendor confirmed or acknowledged the vulnerability?]

True

------------------------------------------

## [Discoverer]

Mauricio Santos (R&D UnderProtection), Claudemir Nunes (R&D UnderProtection) and Hesron Hori (R&D UnderProtection)

------------------------------------------

## [Thanks to]

Forlogic - Vendor's Information Security Team who collaborated to a coordinated disclosure

------------------------------------------

## [Reference]

- https://www.underprotection.com.br
- https://forlogic.net
- https://qualiex.com
- https://github.com/underprotection/CVE-2020-24029

文件快照

 [4.0K]  /data/pocs/e956a4d8a8252f3e907d096590dbba6bce419926
├── [ 11K]  LICENSE
└── [1.8K]  README.md

0 directories, 2 files

备注