CVE-2020-28403

A Cross-Site Request Forgery (CSRF) vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an attacker to change the privileges of any user of the application. This can be used to grant himself administrative role or remove the administrative account of the application.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
mitreCNA
8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:R
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
VendorProductVersion
irisstar
2019.2.0.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://excellium-services.com/cert-xlm-advisory/CVE-2020-28403
https://www.starpracticemanagement.com/
https://excellium-services.com/cert-xlm-advisory/CVE-2020-28403
https://www.starpracticemanagement.com/