CVE-2020-26506

An Authorization Bypass vulnerability in the Marmind web application with version 4.1.141.0 allows users with lower privileges to gain control to files uploaded by administrative users. The accessed files were not visible by the low privileged users in the web GUI.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
VendorProductVersion
marmindmarmind
4.1.141.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.marmind.com/en/
https://www2.deloitte.com/de/de/pages/risk/articles/marmind-authorization-bypass.html
https://www.marmind.com/en/
https://www2.deloitte.com/de/de/pages/risk/articles/marmind-authorization-bypass.html