Vulnerability Description
Global RADAR BSA Radar 1.6.7234.24750 and earlier lacks valid authorization controls in multiple functions. This can allow for manipulation and takeover of user accounts if successfully exploited. The following vulnerable functions are exposed: ChangePassword, SaveUserProfile, and GetUser.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Globalradar | Bsa Radar | <= 1.6.7234.24750 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/158372/BSA-Radar-1.6.7234.24750-Cross-Site-ExploitThird Party AdvisoryVDB Entry
- https://github.com/wsummerhill/BSA-Radar_CVE-VulnerabilitiesThird Party Advisory
- https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities/blob/master/CVE-202ExploitThird Party Advisory
- http://packetstormsecurity.com/files/158372/BSA-Radar-1.6.7234.24750-Cross-Site-ExploitThird Party AdvisoryVDB Entry
- https://github.com/wsummerhill/BSA-Radar_CVE-VulnerabilitiesThird Party Advisory
- https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities/blob/master/CVE-202ExploitThird Party Advisory
FAQ
What is CVE-2020-14944?
CVE-2020-14944 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Global RADAR BSA Radar 1.6.7234.24750 and earlier lacks valid authorization controls in multiple functions. This can allow for manipulation and takeover of user accounts if successfully exploited. The...
How severe is CVE-2020-14944?
CVE-2020-14944 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-14944?
Check the references section above for vendor advisories and patch information. Affected products include: Globalradar Bsa Radar.