Vulnerability Description
In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Newgensoft | Egov | 12.0 |
References
- http://packetstormsecurity.com/files/160826/Newgen-Correspondence-Management-Sys (Exploit, Third Party Advisory, VDB Entry)
- https://gist.github.com/AliAlsinan/0323e57d2345ef0b4e73c803dba93486 (Third Party Advisory)
- https://www.exploit-db.com/exploits/49378 (Exploit, Third Party Advisory, VDB Entry)
FAQ
What is CVE-2020-35737?
CVE-2020-35737 is a vulnerability with a CVSS score of 7.5 (HIGH). In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object...
How severe is CVE-2020-35737?
CVE-2020-35737 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-35737?
Check the references section above for vendor advisories and patch information. Affected products include: Newgensoft Egov.