Vulnerabilities > CVE-2021-29394 - Incorrect Authorization vulnerability in Globalnorthstar Northstar Club Management 6.3

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

globalnorthstar

CWE-863

NVD

Published: 2022-02-04

Updated: 2022-02-08

Summary

Account Hijacking in /northstar/Admin/changePassword.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote authenticated users to change the password of any targeted user accounts via lack of proper authorization in the user-controlled "userID" parameter of the HTTP POST request.

Vulnerable Configurations

Part	Description	Count
Application	Globalnorthstar Globalnorthstar Northstar Club Management 6.3	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://ardent-security.com
https://ardent-security.com/en/advisory/asa-2021-02/