CVE-2020-13474
MEDIUM
6,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: high
Availability: none
MEDIUM
4,0
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: single
Confidentiality: none
Integrity: partial
Availability: none
Description
AI Translation Available
In NCH Express Accounts 8.24 and earlier, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as Add/Edit users.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0026
Percentile
0,5th
Updated
EPSS Score Trend (Last 90 Days)
425
Direct Request ('Forced Browsing')
IncompleteCommon Consequences
Security Scopes Affected:
Confidentiality
Integrity
Availability
Access Control
Potential Impacts:
Read Application Data
Modify Application Data
Execute Unauthorized Code Or Commands
Gain Privileges Or Assume Identity
Applicable Platforms
Technologies:
Web Based, Web Server
Application
Express Accounts by Nchsoftware
Version Range Affected
To
8.24
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:nchsoftware:express_accounts:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://cvewalkthrough.com/cve-2020-13474-nch-express-accounts-privilege-escala…
https://tejaspingulkar.blogspot.com/2020/12/cve-2020-13474-nch-express-accounts…
https://cvewalkthrough.com/cve-2020-13474-nch-express-accounts-privilege-escala…
https://tejaspingulkar.blogspot.com/2020/12/cve-2020-13474-nch-express-accounts…