Lucene search

[email protected]CVE-2020-23449

HistoryJan 26, 2021 - 6:15 p.m.

CVE-2020-23449

2021-01-2618:15:42

CWE-639

[email protected]

web.nvd.nist.gov

cve

2020

23449

incorrect access control

remotely gain privileges

newbee-mall

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.2%

JSON

newbee-mall all versions are affected by incorrect access control to remotely gain privileges through NewBeeMallIndexConfigServiceImpl.java. Unauthorized changes can be made to any user information through the userID.

Affected configurations

NVD

Node

newbee-mall_projectnewbee-mall

CPENameOperatorVersion
newbee-mall_project:newbee-mallnewbee-mall project newbee-malleq*

CPE	Name	Operator	Version
newbee-mall_project:newbee-mall	newbee-mall project newbee-mall	eq	*

References

github.com/newbee-ltd/newbee-mall/issues/35

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.2%

JSON

Related for CVE-2020-23449

prion1 cvelist1 nvd1