cvelist | Rapid7 | CVELIST:CVE-2019-5644
History: Nov 06, 2019 - 6:30 p.m.

CVE-2019-5644 C4G BLIS Improper Access Control

2019-11-06 18:30:43
CWE-284
rapid7
www.cve.org
Tags: c4g blis, improper access control, unauthenticated user, user accounts

CVSS3: 10

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score: 9.5
Confidence: High

EPSS: 0.006
Percentile: 78.6%

Computing For Good’s Basic Laboratory Information System (also known as C4G BLIS) version 3.5 and earlier suffers from an instance of CWE-284, “Improper Access Control.” As a result, an unauthenticated user may alter several facets of a user account, including promoting any user to an administrator.

CNA Affected

[
  {
    "product": "Basic Laboratory Information System",
    "vendor": "Computing For Good",
    "versions": [
      {
        "lessThanOrEqual": "3.5",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
