CVE-2015-1173

Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 does not properly restrict access to the (1) Design Mode and (2) Debug Logger mode modules, which allows remote attackers to gain privileges via crafted "received parameters."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
VendorProductVersion
unit4teta_web
𝑥
≤ 22.62.3.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/133147/UNIT4TETA-TETA-WEB-22.62.3.4-Authorization-Bypass.html
http://seclists.org/fulldisclosure/2015/Aug/68
http://packetstormsecurity.com/files/133147/UNIT4TETA-TETA-WEB-22.62.3.4-Authorization-Bypass.html
http://seclists.org/fulldisclosure/2015/Aug/68