|
|
|||
| Rule General Information |
|---|
| Release Date: | 2021-04-01 | |
| Rule Name: | BSA Radar 1.6.7234.24750 Cross-Site Scripting Vulnerability (CVE-2020-14944) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Global RADAR BSA Radar 1.6.7234.24750 and earlier lacks valid authorization controls in multiple functions. This can allow for manipulation and takeover of user accounts if successfully exploited. The following vulnerable functions are exposed: ChangePassword, SaveUserProfile, and GetUser. | |
| Impact: | An attacker can conduct a cross-site scripting attack to inject malicious client-side scripts into web pages viewed by other users, or to bypass access controls such as the same-origin policy, if affected version is installed. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | http://packetstormsecurity.com/files/158372/BSA-Radar-1.6.7234.24750-Cross-Site-Request-Forgery.html https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities/blob/master/CVE-2020-14944%20-%20Access%20Control%20Vulnerabilities.md |
|
| Solutions |
|---|
| The vendor has released upgrade patches to fix vulnerabilities, please visit: https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities/blob/master/CVE-2020-14944%20-%20Access%20Control%20Vulnerabilities.md |