Vulnerability Description
An access control bypass vulnerability in Kentico Xperience allows administrators to modify global administrator user privileges via unauthorized requests. Attackers could potentially compromise global administrator accounts and invalidate security-sensitive macros by manipulating user privilege levels.
CVSS Score
HIGH (base score 7.2)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kentico | Xperience | <= 12.0.60 |
Related Weaknesses (CWE)
References
- https://devnet.kentico.com/download/hotfixesProduct
- https://www.vulncheck.com/advisories/kentico-xperience-administrator-access-cont (Third Party Advisory)
FAQ
What is CVE-2020-36890?
CVE-2020-36890 is a vulnerability with a CVSS score of 7.2 (HIGH). An access control bypass vulnerability in Kentico Xperience allows administrators to modify global administrator user privileges via unauthorized requests. Attackers could potentially compromise globa...
How severe is CVE-2020-36890?
CVE-2020-36890 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-36890?
Check the references section above for vendor advisories and patch information. Affected products include: Kentico Xperience.