Access Control Vulnerability in NewBee Mall Product
CVE-2020-23449

7.5HIGH

Key Information:

Vendor: Newbee-mall Project
Status: Newbee-mall
Vendor: CVE Published:; 26 January 2021

Summary

The NewBee Mall application has a vulnerability related to improper access control in the NewBeeMallIndexConfigServiceImpl.java file. This flaw allows remote attackers to manipulate and gain inappropriate privileges over user information by exploiting userID parameters, enabling unauthorized modifications to user data without proper authentication.

References

https://github.com/newbee-ltd/newbee-mall/issues/35

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 26, 2021
Vulnerability Reserved
Aug 13, 2020