CVE-2021-3339 Information

Description

ModernFlow before 1.3.00.208 does not constrain web-page access to members of a security group as demonstrated by the Search Screen and the Profile Screen.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Reference

https://4sightwebsite.azurewebsites.net/mf_releaseNotes https://appsource.microsoft.com/en-us/product/web-apps/acctech-systems-pty-ltd.modernflow-saas?tab=overview

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

NONE

Base Score

NONE

Base Severity

4.3