20.1

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

accela

NVD

Published: 2021-06-09

Updated: 2024-05-17

Summary

portlets/contact/ref/refContactDetail.do in Accela Civic Platform through 20.1 allows remote attackers to obtain sensitive information via a modified contactSeqNumber value. NOTE: the vendor states "the information that is being queried is authorized for an authenticated user of that application, so we consider this not applicable.

Vulnerable Configurations

Part	Description	Count
Application	Accela Accela Civic Platform - Accela Civic Platform 19.2 Accela Civic Platform 20.1	3

References

https://gist.github.com/0xx7/58943bb6e9ef77a09d3c7eb00dcafdc7
http://packetstormsecurity.com/files/163116/Accela-Civic-Platform-21.1-Insecure-Direct-Object-Reference.html