ECOA BAS controller is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers with general user's privilege can remotely bypass authorization and access the hidden resources in the system and execute privileged functionalities.
References
Link | Resource |
---|---|
https://www.twcert.org.tw/tw/cp-132-5134-39f74-1.html | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: twcert
Published: 2021-09-30T00:00:00
Updated: 2021-09-30T10:41:01
Reserved: 2021-09-15T00:00:00
Link: CVE-2021-41298
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-09-30T11:15:07.813
Modified: 2021-10-07T16:25:15.340
Link: CVE-2021-41298
JSON object: View
Redhat Information
No data.