CVE-2018-13791

Published: Jul 9, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 allows an attacker to conduct Access Control attacks via the /FlexiCapture12/Login/Server/SevaUserProfile FlexiCaptureTmsSts2 parameter.

Affected (7)

Products: Abbyy: Flexicapture

Abbyy

1 product

Flexicapture

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Abbyy Flexicapture	Version 12.0.1.263
Abbyy Flexicapture	Version 12.0.1.267
Abbyy Flexicapture	Version 12.0.1.282
Abbyy Flexicapture	Version 12.0.1.292
Abbyy Flexicapture	Version 12.0.1.367
Abbyy Flexicapture	Version 12.0.1.428
Abbyy Flexicapture	Version 12.0.1.475

Related CWEs

CWE-732

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (2)

http://abbyydownloads.com/fc12/PreviousReleaseNotes/ReleaseNotes_FC12_R1_U3_1299.18_build_12.0.1.516.pdf

Source: cve@mitre.org

Release NotesVendor Advisory

http://abbyydownloads.com/fc12/PreviousReleaseNotes/ReleaseNotes_FC12_R1_U3_1299.18_build_12.0.1.516.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.