CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-9002

An issue was discovered in iPortalis iCS 7.1.13.0. An attacker can gain privileges by intercepting a request and changing UserRoleKey=COMPANY_ADMIN to UserRoleKey=DOMAIN_ADMIN (to achieve Domain Administrator access).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 54.0%

CVSS Severity

CVSS v3 Score 9.6

CVSS v2 Score 6.0

References

https://websec.nl/blog/
https://websec.nl/blog/6127847280e759c7d31286d0/cve%20report%20august%202021/
https://websec.nl/blog/
https://websec.nl/blog/6127847280e759c7d31286d0/cve%20report%20august%202021/

Products affected by CVE-2020-9002

Iportalis » Iportalis Control Portal » Version: 7.1.13.0

cpe:2.3:a:iportalis:iportalis_control_portal:7.1.13.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-9002

Products

Pricing

Contact Us