CVE-2020-28405

Published: Jan 29, 2021Modified: Jun 17, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to change the privileges of any user of the application. This can be used to grant himself the administrative role or remove all administrative accounts of the application.

Affected (1)

Products: Iris: Star Practice Management

1 product

Star Practice Management

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Iris Star Practice Management	Version 2019.2.0.6

References (5)

https://cds.thalesgroup.com/en/tcs-cert/CVE-2020-28405

Source: cve@mitre.org

https://excellium-services.com/cert-xlm-advisory/CVE-2020-28405

Source: cve@mitre.org

Third Party Advisory

https://www.starpracticemanagement.com/

Source: cve@mitre.org

Product

https://excellium-services.com/cert-xlm-advisory/CVE-2020-28405

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.starpracticemanagement.com/

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.