Vulnerabilities > CVE-2019-12734 - Missing Authorization vulnerability in Sitevision 4.0/5.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
SiteVision 4 has Incorrect Access Control.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Common Weakness Enumeration (CWE)
Packetstorm
data source https://packetstormsecurity.com/files/download/155584/sitevision-accesscontrol.txt id PACKETSTORM:155584 last seen 2019-12-07 published 2019-12-06 reporter Oscar Hjelm source https://packetstormsecurity.com/files/155584/SiteVision-4.x-5.x-Insufficient-Module-Access-Control.html title SiteVision 4.x / 5.x Insufficient Module Access Control data source https://packetstormsecurity.com/files/download/155585/sitevision-exec.txt id PACKETSTORM:155585 last seen 2019-12-07 published 2019-12-06 reporter Oscar Hjelm source https://packetstormsecurity.com/files/155585/SiteVision-4.x-5.x-Remote-Code-Execution.html title SiteVision 4.x / 5.x Remote Code Execution
References
- http://packetstormsecurity.com/files/155584/SiteVision-4.x-5.x-Insufficient-Module-Access-Control.html
- http://seclists.org/fulldisclosure/2019/Dec/12
- http://seclists.org/fulldisclosure/2019/Dec/13
- https://www.cybercom.com/About-Cybercom/Blogs/Security-Advisories/high-risk-vulnerabilities-in-cms-product/
- https://www.cybercom.com/contentassets/ac929be030744b8e92dc6e457fdb7dcc/sitevision-disclosure-insufficient-access-control.pdf
- https://www.sitevision.se/