Vulnerability Details CVE-2021-37215
The employee management page of Flygo contains an Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attacker can manipulate the user data and then over-write another employee’s user data by specifying that employee’s ID in the API parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 30.9%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 4.0
References