CVE-2020-26506

{"id": "CVE-2020-26506", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2020-11-05T16:15:18.253", "references": [{"url": "https://www.marmind.com/en/", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://www2.deloitte.com/de/de/pages/risk/articles/marmind-authorization-bypass.html", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.marmind.com/en/", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www2.deloitte.com/de/de/pages/risk/articles/marmind-authorization-bypass.html", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-670"}, {"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "An Authorization Bypass vulnerability in the Marmind web application with version 4.1.141.0 allows users with lower privileges to gain control to files uploaded by administrative users. The accessed files were not visible by the low privileged users in the web GUI."}, {"lang": "es", "value": "Una vulnerabilidad de Omisi\u00f3n de Autorizaci\u00f3n en la aplicaci\u00f3n web Marmind con versi\u00f3n 4.1.141.0, permite a usuarios con privilegios m\u00e1s bajos conseguir el control de los archivos cargados por los usuarios administrativos. Los archivos accedidos no eran visibles para usuarios pocos privilegiados en la GUI web"}], "lastModified": "2024-11-21T05:19:55.500", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:marmind:marmind:4.1.141.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49F5DD96-2509-4803-A458-9382C87879AB"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}