Vulnerability Details CVE-2021-3339
ModernFlow before 1.3.00.208 does not constrain web-page access to members of a security group, as demonstrated by the Search Screen and the Profile Screen.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.018
EPSS Ranking 81.9%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 4.0
References
- https://4sightwebsite.azurewebsites.net/mf_releaseNotes
- https://appsource.microsoft.com/en-us/product/web-apps/acctech-systems-pty-ltd.modernflow-saas?tab=overview
- https://4sightwebsite.azurewebsites.net/mf_releaseNotes
- https://appsource.microsoft.com/en-us/product/web-apps/acctech-systems-pty-ltd.modernflow-saas?tab=overview
Products affected by CVE-2021-3339
-
cpe:2.3:a:microsoft:modernflow:*