CVE-2020-13923 Information

Description

IDOR vulnerability in the order processing feature from ecommerce component of Apache OFBiz before 17.12.04

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Reference

https://lists.apache.org/thread.html/r2e669797c1ea08562253239d2dc4192d951945e0c36cb0754f5394a6@3Cannounce.apache.org3E https://lists.apache.org/thread.html/rac7e36c3daa60dd4b813f72942921b4fad71da821480ebcea96ecea1@3Cnotifications.ofbiz.apache.org3E https://s.apache.org/chokl

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

LOW

Base Score

NONE

Base Severity

5.3