Vulnerabilities > CVE-2015-2858 - Authorization Bypass vulnerability in Datalex

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

datalex

NVD

Published: 2015-10-02

Updated: 2015-10-02

Summary

Datalex airline booking software before 2015-09-03 allows remote attackers to read or write to arbitrary user data via a modified profileId parameter to (1) ValidateFormAction.do or (2) ProfileConfirmEditAddressAction.do. <a href="http://cwe.mitre.org/data/definitions/639.html">CWE-639: Authorization Bypass Through User-Controlled Key</a>

Vulnerable Configurations

Part	Description	Count
Application	Datalex Datalex Airline Booking Software -	1

References

http://www.kb.cert.org/vuls/id/693036