Vulnerability Details CVE-2019-18623
Escalation of privileges in EnergyCAP 7 through 7.5.6 allows an attacker to access data. If an unauthenticated user clicks on a link on the public dashboard, the resource opens in EnergyCAP with access rights matching the user who created the dashboard.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 63.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://energycap.freshdesk.com/helpdesk/attachments/31016649523
- https://energycap.freshdesk.com/support/solutions/articles/31000152837-2019-october-24-security-incident-notification-issue-with-public-dashboards-found-and-resolved
- https://energycap.freshdesk.com/helpdesk/attachments/31016649523
- https://energycap.freshdesk.com/support/solutions/articles/31000152837-2019-october-24-security-incident-notification-issue-with-public-dashboards-found-and-resolved
Products affected by CVE-2019-18623
-
cpe:2.3:a:energycap:energycap:7.0.0
-
cpe:2.3:a:energycap:energycap:7.0.1
-
cpe:2.3:a:energycap:energycap:7.0.3
-
cpe:2.3:a:energycap:energycap:7.0.5
-
cpe:2.3:a:energycap:energycap:7.0.6
-
cpe:2.3:a:energycap:energycap:7.1.0
-
cpe:2.3:a:energycap:energycap:7.1.2
-
cpe:2.3:a:energycap:energycap:7.1.4
-
cpe:2.3:a:energycap:energycap:7.2.0
-
cpe:2.3:a:energycap:energycap:7.2.2
-
cpe:2.3:a:energycap:energycap:7.3.0
-
cpe:2.3:a:energycap:energycap:7.3.1
-
cpe:2.3:a:energycap:energycap:7.3.2
-
cpe:2.3:a:energycap:energycap:7.3.6
-
cpe:2.3:a:energycap:energycap:7.3.7
-
cpe:2.3:a:energycap:energycap:7.4
-
cpe:2.3:a:energycap:energycap:7.5
-
cpe:2.3:a:energycap:energycap:7.5.4
-
cpe:2.3:a:energycap:energycap:7.5.5
-
cpe:2.3:a:energycap:energycap:7.5.6