ARA-2020-005: Insecure Direct Object Reference in 1CRM (CVE-2020-15958)

Posted by Andreas Sperber on Sep 15

# Security Advisory
ARA-2020-005: Insecure Direct Object Reference (CVE-2020-15958)
## Affected Product(s) and Environment(s)
Product: 1CRM <=8.6.7, confirmed for CRBM System ENT-8.6.5, CRBM System
ENT-8.6.6 and Startup+ Edition 8.5.15
Environments: All host environments
## Security Risk
Severity: High
CVSS v3: 8.6
## Impact
Confidentiality: High
Integrity: None
Availability: None
## Exploitability
Access Vector: Network
Access Complexity: Low…
