Vulnerabilities > CVE-2020-35577 - Unspecified vulnerability in Endalia Selection Portal 4.205.0

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

endalia

NVD

Published: 2021-02-18

Updated: 2021-02-26

Summary

In Endalia Selection Portal before 4.205.0, an Insecure Direct Object Reference (IDOR) allows any authenticated user to download every file uploaded to the platform by changing the value of the file identifier (aka CommonDownload identification number).

Vulnerable Configurations

Part	Description	Count
Application	Endalia Endalia Selection Portal 4.205.0	1

References

https://github.com/blackarrowsec/advisories/tree/master/2020/CVE-2020-35577
https://www.endalia.com/en/software/