Vulnerabilities > CVE-2020-14944 - Missing Authorization vulnerability in Globalradar BSA Radar 1.6.7234.24750

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

globalradar

CWE-862

NVD

Published: 2020-06-22

Updated: 2022-05-03

Summary

Global RADAR BSA Radar 1.6.7234.24750 and earlier lacks valid authorization controls in multiple functions. This can allow for manipulation and takeover of user accounts if successfully exploited. The following vulnerable functions are exposed: ChangePassword, SaveUserProfile, and GetUser.

Vulnerable Configurations

Part	Description	Count
Application	Globalradar Globalradar BSA Radar - Globalradar BSA Radar 1.6.7234.24750	2

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities/blob/master/CVE-2020-14944%20-%20Access%20Control%20Vulnerabilities.md
https://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities
http://packetstormsecurity.com/files/158372/BSA-Radar-1.6.7234.24750-Cross-Site-Request-Forgery.html