Vulnerabilities > CVE-2020-9384 - Authorization Bypass Through User-Controlled Key vulnerability in Subex ROC Partner Settlement 10.5
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
An Insecure Direct Object Reference (IDOR) vulnerability in the Change Password feature of Subex ROC Partner Settlement 10.5 allows remote authenticated users to achieve account takeover via manipulation of POST parameters. NOTE: This vulnerability may only affect a testing version of the application
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Packetstorm
| data source | https://packetstormsecurity.com/files/download/157197/Subex_ROC_Partner_Settlement_10.5_IDOR.txt |
| id | PACKETSTORM:157197 |
| last seen | 2020-04-20 |
| published | 2020-04-12 |
| reporter | Jirawat Vuthawiphat |
| source | https://packetstormsecurity.com/files/157197/Subex-ROC-Partner-Settlement-10.5-Insecure-Direct-Object-Reference.html |
| title | Subex ROC Partner Settlement 10.5 Insecure Direct Object Reference |