Inova Partner Authorization Bypass Vulnerability (CNVD-2019-08310)

Inova Partner is a CRM solution for biotech, pharmaceutical and other life science companies. An authorization bypass vulnerability exists in 5.0.5-RELEASE, Build 0510-0906 and earlier versions of Inova Partner, which can be exploited by an attacker to access restricted functionality...

Authorization

Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier allows authenticated users authorization bypass via insecure direct object reference...

CVE-2018-15693

Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier allows authenticated users authorization bypass via insecure direct object reference...

CVE-2018-15692

Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier allows authenticated users authorization bypass and data manipulation in certain functions...