Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by incorrect access control where password revalidation in sensitive operations can be bypassed remotely by an authenticated attacker through requesting the endpoint directly.
References
Link | Resource |
---|---|
https://blog.pridesec.com.br/p/4c972078-5f01-419e-8bea-cf31ff2e3670/ | Exploit Third Party Advisory |
https://marketing.paxtechnology.com/about-pax | Product |
https://www.whatspos.com/ | Product |
Configurations
History
13 May 2021, 15:59
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-287 | |
References | (MISC) https://marketing.paxtechnology.com/about-pax - Product | |
References | (MISC) https://blog.pridesec.com.br/p/4c972078-5f01-419e-8bea-cf31ff2e3670/ - Exploit, Third Party Advisory | |
References | (MISC) https://www.whatspos.com/ - Product | |
CPE | cpe:2.3:a:paxtechnology:paxstore:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 5.5
v3 : 7.1 |
07 May 2021, 18:30
Type | Values Removed | Values Added |
---|
07 May 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-05-07 11:15
Updated : 2023-12-10 13:55
NVD link : CVE-2020-36125
Mitre link : CVE-2020-36125
CVE.ORG link : CVE-2020-36125
JSON object : View
Products Affected
paxtechnology
- paxstore
CWE
CWE-306
Missing Authentication for Critical Function