CSRF Vulnerability in ICE Hrm 26.2.0 Affects User Creation
CVE-2020-9271

6.5MEDIUM

Key Information:

Vendor

Icehrm

Status
Vendor
CVE Published:
18 February 2020

What is CVE-2020-9271?

ICE Hrm version 26.2.0 is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability that enables unauthorized user account creation via the 'service.php' endpoint. This security flaw can be exploited by attackers to craft malicious requests that can lead to the proliferation of unwanted user accounts within the system, raising significant security concerns for organizations utilizing this product.

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.