CVE-2018-5328

ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows access to various /UserManagement/ privileged modules without authenticating the user; an attacker can misuse these functionalities to perform unauthorized actions, as demonstrated by Edit User Details.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
VendorProductVersion
beimscontractorweb.net
5.18.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://becomepentester.blogspot.com/2018/01/ZUUSE-BEIMS-ContractorWeb-Privilege-Escalations-CVE-2018-5328.html
https://becomepentester.blogspot.com/2018/01/ZUUSE-BEIMS-ContractorWeb-Privilege-Escalations-CVE-2018-5328.html