CVE-2021-42331

Published: Oct 15, 2021Modified: Nov 21, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.5

Source: twcert@cert.org.tw (Secondary)

Description

The “Study Edit” function of ShinHer StudyOnline System does not perform permission control. After logging in with user’s privilege, remote attackers can access and edit other users’ tutorial schedule by crafting URL parameters.

Affected (1)

Products: Xinheinformation: Xinhe Teaching Platform System

Xinheinformation

1 product

Xinhe Teaching Platform System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Xinheinformation Xinhe Teaching Platform System	Version v2021

Related CWEs

CWE-285

Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

CWE-862

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (2)

https://www.twcert.org.tw/tw/cp-132-5201-dc534-1.html

Source: twcert@cert.org.tw

Third Party Advisory

https://www.twcert.org.tw/tw/cp-132-5201-dc534-1.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.