Vulnerabilities > CVE-2020-26506 - Missing Authorization vulnerability in Marmind 4.1.141.0

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

marmind

CWE-862

NVD

Published: 2020-11-05

Updated: 2021-07-21

Summary

An Authorization Bypass vulnerability in the Marmind web application with version 4.1.141.0 allows users with lower privileges to gain control to files uploaded by administrative users. The accessed files were not visible by the low privileged users in the web GUI.

Vulnerable Configurations

Part	Description	Count
Application	Marmind Marmind Marmind 4.1.141.0	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://www.marmind.com/en/
https://www2.deloitte.com/de/de/pages/risk/articles/marmind-authorization-bypass.html