CVE-2021-42337

Published: Nov 16, 2021Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

The permission control of AIFU cashier management salary query function can be bypassed, thus after obtaining general user’s permission, the remote attacker can access account information except passwords by crafting URL parameters.

Affected (1)

Products: Aifu: Cashier Accounting Management System

Aifu

1 product

Cashier Accounting Management System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Aifu Cashier Accounting Management System	All versions

Related CWEs

CWE-285

Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

References (2)

https://www.twcert.org.tw/tw/cp-132-5296-cbf80-1.html

Source: twcert@cert.org.tw

Third Party Advisory

https://www.twcert.org.tw/tw/cp-132-5296-cbf80-1.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.