Vulnerabilities > CVE-2020-26175 - Authorization Bypass Through User-Controlled Key vulnerability in Tangro Business Workflow 1.17.5

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

tangro

CWE-639

NVD

Published: 2020-12-18

Updated: 2021-07-21

Summary

In tangro Business Workflow before 1.18.1, an attacker can manipulate the value of PERSON in requests to /api/profile in order to change profile information of other users.

Vulnerable Configurations

Part	Description	Count
Application	Tangro Tangro Business Workflow 1.17.5	1

Common Weakness Enumeration (CWE)

CWE-639 - Authorization Bypass Through User-Controlled Key

References

https://www.tangro.de/
https://blog.to.com/advisory-tangro-bwf-1-17-5-multiple-vulnerabilities/