ARA-2020-005: Insecure Direct Object Reference in 1CRM (CVE-2020-15958)

September 15, 2020

Posted by Andreas Sperber on Sep 15

# Security Advisory
ARA-2020-005: Insecure Direct Object Reference (CVE-2020-15958)
## Affected Product(s) and Environment(s)
Product: 1CRM <=8.6.7, confirmed for CRBM System ENT-8.6.5, CRBM System
ENT-8.6.6 and Startup+ Edition 8.5.15
Environments: All host environments
## Security Risk
Severity: High
CVSS v3: 8.6
## Impact
Confidentiality: High
Integrity: None
Availability: None
## Exploitability
Access Vector: Network
Access Complexity: Low…

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Patreon

Original Source
Tags: , , , , , , , , ,

You may have missed

hkcert

Ubuntu Linux Kernel Multiple Vulnerabilities

July 14, 2025
cybercrime

Amd Warns Of New Meltdown, Spectre Like Bugs Affecting Cpus

July 14, 2025
cybercrime

You Have A Fake North Korean It Worker Problem Here’s How To Stop It

July 14, 2025
cybercrime

Ai Coding Tools Make Developers Slower But They Think They’re Faster, Studyfinds

July 14, 2025
cybercrime

How To Trick Chatgpt Into Revealing Windows Keys? I Give Up

July 14, 2025