Vulnerabilities > CVE-2021-38616 - Unspecified vulnerability in Eigentech Natural Language Processing 3.10.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/{user-guid}/ user edition endpoint could permit any logged-in user to increase their own permissions via a user_permissions array in a PATCH request. A guest user could modify other users' profiles and much more.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |