CSRF Vulnerability in Star Practice Management Web by Star Software
CVE-2020-28403

8.8HIGH

Key Information:

Vendor: Iris
Status: Star
Vendor: CVE Published:; 29 January 2021

What is CVE-2020-28403?

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Star Practice Management Web version 2019.2.0.6. This security flaw allows attackers to exploit the application by manipulating user privileges without their consent. By leveraging this vulnerability, an attacker could potentially elevate their access rights to an administrative role or revoke administrative access from legitimate users, posing significant risks to the application's integrity and security.

References

https://www.starpracticemanagement.com/

https://excellium-services.com/cert-xlm-advisory/CVE-2020...

https://cds.thalesgroup.com/en/tcs-cert/CVE-2020-28403

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 29, 2021
Vulnerability Reserved
Nov 10, 2020

JSON

Iris

What is CVE-2020-28403?

References

CVSS V3.1

Timeline