CVE-2020-35737
HIGH
7,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: high
Availability: none
MEDIUM
5,0
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: none
Integrity: partial
Availability: none
Description
AI Translation Available
In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,1801
Percentile
0,9th
Updated
EPSS Score Trend (Last 90 Days)
Exploit
Newgen Correspondence Management System (corms) eGov 12.0 - …
Newgen Correspondence Management System (corms) eGov 12.0 - IDOR
View Exploit Code →
Application
Egov by Newgensoft
CPE Identifier
View Detailed Analysis
cpe:2.3:a:newgensoft:egov:12.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
http://packetstormsecurity.com/files/160826/Newgen-Correspondence-Management-Sy…
https://gist.github.com/AliAlsinan/0323e57d2345ef0b4e73c803dba93486
https://www.exploit-db.com/exploits/49378
http://packetstormsecurity.com/files/160826/Newgen-Correspondence-Management-Sy…
https://gist.github.com/AliAlsinan/0323e57d2345ef0b4e73c803dba93486
https://www.exploit-db.com/exploits/49378