Vulnerabilities > CVE-2020-35737 - Unspecified vulnerability in Newgensoft Egov 12.0

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

newgensoft

NVD

Published: 2020-12-30

Updated: 2021-02-24

Summary

In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference.

Vulnerable Configurations

Part	Description	Count
Application	Newgensoft Newgensoft Egov 12.0	1

References

https://gist.github.com/AliAlsinan/0323e57d2345ef0b4e73c803dba93486
http://packetstormsecurity.com/files/160826/Newgen-Correspondence-Management-System-eGov-12.0-Insecure-Direct-Object-Reference.html
https://www.exploit-db.com/exploits/49378