Vulnerabilities > CVE-2019-19866 - Authorization Bypass Through User-Controlled Key vulnerability in Atos Unify Openscape UC web Client 10.0/9.0

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
atos
CWE-639

Summary

Atos Unify OpenScape UC Web Client V9 before version V9 R4.31.0 and V10 before version V10 R0.6.0 allows remote attackers to obtain sensitive information. By iterating the value of conferenceId to getMailFunction in the JSON API, one can enumerate all conferences scheduled on the platform, with their numbers and access PINs.

Vulnerable Configurations

Part Description Count
Application
Atos
2