Lucene search

[email protected]CVE-2021-33223

HistoryJun 07, 2023 - 1:15 a.m.

CVE-2021-33223

2023-06-0701:15:38

CWE-639

[email protected]

web.nvd.nist.gov

cve-2021-33223

seeddms

privilege escalation

userid

role

nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.3%

JSON

An issue discovered in SeedDMS 6.0.15 allows an attacker to escalate privileges via the userid and role parameters in the out.UsrMgr.php file.

Affected configurations

NVD

Node

seeddmsseeddmsMatch6.0.15

CPENameOperatorVersion
seeddms:seeddmsseeddmseq6.0.15

CPE	Name	Operator	Version
seeddms:seeddms	seeddms	eq	6.0.15

References

sunil-singh.notion.site/SeedDMS-6-0-15-Insecure-Direct-Object-Reference-IDOR-ff504354656b47b2b0cee0b7a82ad08c

www.notion.so/SeedDMS-6-0-15-Incorrect-Access-Control-ff504354656b47b2b0cee0b7a82ad08c

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.3%

JSON

Related for CVE-2021-33223

cvelist1 prion1 nvd1