CVE-2020-25917
HIGH WAF: Low
CVSS 8.8
Published: 2020-12-26
CWE-862
Stratodesk NoTouch Center before 4.4.68 is affected by: Incorrect Access Control. A low privileged user on the platform, for example a user with "helpdesk" privileges, can perform privileged operations including adding a new administrator to the platform via the easyadmin/user/submitCreateTCUser.do page.
WAF Coverage Analysis
Missing Authorization
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Affected Software
| Vendor | Product | Version |
|---|---|---|
| stratodesk | notouch_center | up to 4.4.68 |
References
- packetstormsecurity.com (Exploit, Third Party Advisory, VDB Entry)