Vulnerability Details CVE-2021-34369
portlets/contact/ref/refContactDetail.do in Accela Civic Platform through 20.1 allows remote attackers to obtain sensitive information via a modified contactSeqNumber value. NOTE: the vendor states "the information that is being queried is authorized for an authenticated user of that application, so we consider this not applicable.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.068
EPSS Ranking 90.9%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
- http://packetstormsecurity.com/files/163116/Accela-Civic-Platform-21.1-Insecure-Direct-Object-Reference.html
- https://gist.github.com/0xx7/58943bb6e9ef77a09d3c7eb00dcafdc7
- http://packetstormsecurity.com/files/163116/Accela-Civic-Platform-21.1-Insecure-Direct-Object-Reference.html
- https://gist.github.com/0xx7/58943bb6e9ef77a09d3c7eb00dcafdc7
Products affected by CVE-2021-34369
-
cpe:2.3:a:accela:civic_platform:-
-
cpe:2.3:a:accela:civic_platform:19.2
-
cpe:2.3:a:accela:civic_platform:20.1