CVE-2020-36125

EUVD-2020-23703
Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by incorrect access control where password revalidation in sensitive operations can be bypassed remotely by an authenticated attacker through requesting the endpoint directly.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
Affected Products (NVD)
VendorProductVersion
paxtechnologypaxstore
𝑥
≤ 7.0.8_20200511171508
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://blog.pridesec.com.br/p/4c972078-5f01-419e-8bea-cf31ff2e3670/
https://marketing.paxtechnology.com/about-pax
https://www.whatspos.com/
https://blog.pridesec.com.br/p/4c972078-5f01-419e-8bea-cf31ff2e3670/
https://marketing.paxtechnology.com/about-pax
https://www.whatspos.com/