CVE-2020-35737 Information

Description

In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users’ profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Reference

https://gist.github.com/AliAlsinan/0323e57d2345ef0b4e73c803dba93486
http://packetstormsecurity.com/files/160826/Newgen-Correspondence-Management-System-eGov-12.0-Insecure-Direct-Object-Reference.html
https://www.exploit-db.com/exploits/49378

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

7.5

Base Severity

HIGH
