Incorrect Resource Transfer Between Spheres

CVE-2020-25917

Medium

6.5/10

Summary

Stratodesk NoTouch Center before 4.4.68 is affected by: Incorrect Access Control. A low privileged user on the platform, for example a user with "helpdesk" privileges, can perform privileged operations including adding a new administrator to the platform via the easyadmin/user/submitCreateTCUser.do page.

Access Complexity: LOW
AccessVector: NETWORK
Authentication: SINGLE
Integrity Impact: PARTIAL
Confidentiality Impact: PARTIAL
Availability Impact: PARTIAL

CWE-669 - Incorrect Resource Transfer Between Spheres

The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.

References

Advisory Timeline

Published Dec 26, 2020

Incorrect Resource Transfer Between Spheres

CVE-2020-25917

Summary

CWE-669 - Incorrect Resource Transfer Between Spheres

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS