CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
Percentile
84.1%
# Exploit Title: Newgen Correspondence Management System (corms) eGov 12.0 - IDOR
# Date: 29 Dec 2020
# Exploit Author: ALI AL SINAN
# Vendor Homepage: https://newgensoft.com
# Software Link: https://newgensoft.com/solutions/industries/government/e-gov-office/
# Version: eGov 12.0
# Tested on: JBoss EAP 7
# CVE : CVE-2020-35737
-----------------------------------------------------
Description:
Correspondence management is the process of handling official incoming and outgoing correspondence in government agencies. The word βcorrespondenceβ in this context refers to physical letters, direct e-delivery, emails and faxes along with all their attachments that are received by the government agencies.
-----------------------------------------------------
Vulnerability:
Affected URL:
http://server/corms/dist/#/web/home/workdesk/inbox
Vulnerability Description:
user can manipulate parameter βUserIndexβ in personal setting page. this parameter can allow un-authorized access to view or change other user's personal information.
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
Percentile
84.1%