CVE-2015-1173

Published: Sep 16, 2015Modified: May 6, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 does not properly restrict access to the (1) Design Mode and (2) Debug Logger mode modules, which allows remote attackers to gain privileges via crafted "received parameters."

Affected (1)

Products: Unit4: Teta Web

Unit4

1 product

Teta Web

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Unit4 Teta Web	Up to 22.62.3.4

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (4)

http://packetstormsecurity.com/files/133147/UNIT4TETA-TETA-WEB-22.62.3.4-Authorization-Bypass.html

Source: cve@mitre.org

http://seclists.org/fulldisclosure/2015/Aug/68

Source: cve@mitre.org

http://packetstormsecurity.com/files/133147/UNIT4TETA-TETA-WEB-22.62.3.4-Authorization-Bypass.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2015/Aug/68

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.