CVE-2021-42332

Published: Oct 15, 2021Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: twcert@cert.org.tw (Secondary)

Description

The “List View” function of ShinHer StudyOnline System is not under authority control. After logging in with user’s privilege, remote attackers can access the content of other users’ message boards by crafting URL parameters.

Affected (1)

Products: Xinheinformation: Xinhe Teaching Platform System

Xinheinformation

1 product

Xinhe Teaching Platform System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Xinheinformation Xinhe Teaching Platform System	Version v2021

Related CWEs

CWE-285

Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

References (2)

https://www.twcert.org.tw/tw/cp-132-5202-49681-1.html

Source: twcert@cert.org.tw

Third Party Advisory

https://www.twcert.org.tw/tw/cp-132-5202-49681-1.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.