
CVE Report August 2021

Joel Aviad Ossi
26 August, 2021

In August, two old reserved CVE numbers were allowed to be published by the manufacturer.

WebSec filed a CVE update request with MITRE, as more details are now allowed to be published.

Software - iPortalis

CVE-2020-9002 - Improper Input Validation

Description:
It was possible to change the user role from COMPANY_USER to DOMAIN_ADMIN, a role that is not listed by default for lower-privileged users. This resulted in privilege escalation.
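
The server-side check this class of finding calls for, as an added example that is not iPortalis code and not part of the original report. It assumes the role arrives as a client-supplied field in an account-update request and that only a DOMAIN_ADMIN may assign roles; the report states neither the request format nor the policy.

```python
# Added illustration, not iPortalis code.
# Assumptions: function names, the User type and the grant table are hypothetical.
from dataclasses import dataclass

# Role names taken from the advisory.
COMPANY_USER = "COMPANY_USER"
DOMAIN_ADMIN = "DOMAIN_ADMIN"

# Assumed policy: which roles an actor holding a given role may assign.
ASSIGNABLE_BY = {
    COMPANY_USER: frozenset(),  # may not assign any role
    DOMAIN_ADMIN: frozenset({COMPANY_USER, DOMAIN_ADMIN}),
}


@dataclass
class User:
    name: str
    role: str


class RoleChangeDenied(Exception):
    """Raised when a requested role change is rejected by the server."""


def update_role_unchecked(actor: User, target: User, requested_role: str) -> None:
    # Weak pattern: the value is trusted because the UI never lists it.
    # Hiding an option client-side is not an access control.
    target.role = requested_role


def update_role_checked(actor: User, target: User, requested_role: str) -> None:
    # 1. The submitted value must be a role the server knows about.
    if requested_role not in ASSIGNABLE_BY:
        raise RoleChangeDenied(f"unknown role {requested_role!r}")
    # 2. The actor's own role must be allowed to grant it (self-edits included).
    if requested_role not in ASSIGNABLE_BY.get(actor.role, frozenset()):
        raise RoleChangeDenied(f"{actor.role} may not assign {requested_role}")
    target.role = requested_role


if __name__ == "__main__":
    user = User("constructed-user", COMPANY_USER)  # constructed sample account
    try:
        update_role_checked(user, user, DOMAIN_ADMIN)
    except RoleChangeDenied as exc:
        print("rejected:", exc, "| role stays", user.role)
```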

CVE-2020-9000 - Uncontrolled Resource Consumption

Description:
It was possible to generate stack trace errors, which increased the log size on the server. The log file gets deleted every 24 hours; however, this is sufficient time for an attacker to exhaust the server's memory using automated tools.

Authored By
Joel Aviad Ossi

Managing Director
