CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-27358

An issue was discovered in REDCap 8.11.6 through 9.x before 10. The messenger's CSV feature (that allows users to export their conversation threads as CSV) allows non-privileged users to export one another's conversation threads by changing the thread_id parameter in the request to the endpoint Messenger/messenger_download_csv.php?title=Hey&thread_id={THREAD_ID}.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.034

EPSS Ranking 86.9%

CVSS Severity

CVSS v3 Score 4.3

CVSS v2 Score 4.0

References

Products affected by CVE-2020-27358

Vanderbilt » Redcap » Version: 8.11.6

cpe:2.3:a:vanderbilt:redcap:8.11.6
Vanderbilt » Redcap » Version: 9.0

cpe:2.3:a:vanderbilt:redcap:9.0
Vanderbilt » Redcap » Version: 9.1

cpe:2.3:a:vanderbilt:redcap:9.1
Vanderbilt » Redcap » Version: 9.1.2

cpe:2.3:a:vanderbilt:redcap:9.1.2
Vanderbilt » Redcap » Version: 9.10.0

cpe:2.3:a:vanderbilt:redcap:9.10.0
Vanderbilt » Redcap » Version: 9.2.0

cpe:2.3:a:vanderbilt:redcap:9.2.0
Vanderbilt » Redcap » Version: 9.2.1

cpe:2.3:a:vanderbilt:redcap:9.2.1
Vanderbilt » Redcap » Version: 9.2.2

cpe:2.3:a:vanderbilt:redcap:9.2.2
Vanderbilt » Redcap » Version: 9.2.3

cpe:2.3:a:vanderbilt:redcap:9.2.3
Vanderbilt » Redcap » Version: 9.2.4

cpe:2.3:a:vanderbilt:redcap:9.2.4
Vanderbilt » Redcap » Version: 9.2.5

cpe:2.3:a:vanderbilt:redcap:9.2.5
Vanderbilt » Redcap » Version: 9.3.0

cpe:2.3:a:vanderbilt:redcap:9.3.0
Vanderbilt » Redcap » Version: 9.3.1

cpe:2.3:a:vanderbilt:redcap:9.3.1
Vanderbilt » Redcap » Version: 9.3.2

cpe:2.3:a:vanderbilt:redcap:9.3.2
Vanderbilt » Redcap » Version: 9.3.3

cpe:2.3:a:vanderbilt:redcap:9.3.3
Vanderbilt » Redcap » Version: 9.3.4

cpe:2.3:a:vanderbilt:redcap:9.3.4
Vanderbilt » Redcap » Version: 9.5.1

cpe:2.3:a:vanderbilt:redcap:9.5.1
Vanderbilt » Redcap » Version: 9.5.2

cpe:2.3:a:vanderbilt:redcap:9.5.2
Vanderbilt » Redcap » Version: 9.6.0

cpe:2.3:a:vanderbilt:redcap:9.6.0
Vanderbilt » Redcap » Version: 9.6.1

cpe:2.3:a:vanderbilt:redcap:9.6.1
Vanderbilt » Redcap » Version: 9.6.2

cpe:2.3:a:vanderbilt:redcap:9.6.2
Vanderbilt » Redcap » Version: 9.6.3

cpe:2.3:a:vanderbilt:redcap:9.6.3
Vanderbilt » Redcap » Version: 9.6.4

cpe:2.3:a:vanderbilt:redcap:9.6.4
Vanderbilt » Redcap » Version: 9.6.5

cpe:2.3:a:vanderbilt:redcap:9.6.5
Vanderbilt » Redcap » Version: 9.7.0

cpe:2.3:a:vanderbilt:redcap:9.7.0
Vanderbilt » Redcap » Version: 9.7.1

cpe:2.3:a:vanderbilt:redcap:9.7.1
Vanderbilt » Redcap » Version: 9.7.2

cpe:2.3:a:vanderbilt:redcap:9.7.2
Vanderbilt » Redcap » Version: 9.7.3

cpe:2.3:a:vanderbilt:redcap:9.7.3
Vanderbilt » Redcap » Version: 9.7.4

cpe:2.3:a:vanderbilt:redcap:9.7.4
Vanderbilt » Redcap » Version: 9.7.5

cpe:2.3:a:vanderbilt:redcap:9.7.5
Vanderbilt » Redcap » Version: 9.7.6

cpe:2.3:a:vanderbilt:redcap:9.7.6
Vanderbilt » Redcap » Version: 9.7.7

cpe:2.3:a:vanderbilt:redcap:9.7.7
Vanderbilt » Redcap » Version: 9.7.8

cpe:2.3:a:vanderbilt:redcap:9.7.8
Vanderbilt » Redcap » Version: 9.8.0

cpe:2.3:a:vanderbilt:redcap:9.8.0
Vanderbilt » Redcap » Version: 9.8.1

cpe:2.3:a:vanderbilt:redcap:9.8.1
Vanderbilt » Redcap » Version: 9.8.2

cpe:2.3:a:vanderbilt:redcap:9.8.2
Vanderbilt » Redcap » Version: 9.8.3

cpe:2.3:a:vanderbilt:redcap:9.8.3
Vanderbilt » Redcap » Version: 9.8.4

cpe:2.3:a:vanderbilt:redcap:9.8.4
Vanderbilt » Redcap » Version: 9.8.5

cpe:2.3:a:vanderbilt:redcap:9.8.5
Vanderbilt » Redcap » Version: 9.9.0

cpe:2.3:a:vanderbilt:redcap:9.9.0
Vanderbilt » Redcap » Version: 9.9.1

cpe:2.3:a:vanderbilt:redcap:9.9.1
Vanderbilt » Redcap » Version: 9.9.2

cpe:2.3:a:vanderbilt:redcap:9.9.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-27358

Products

Pricing

Contact Us