** UNSUPPORTED WHEN ASSIGNED ** ARCHIBUS Web Central 21.3.3.815 (a version from 2014) does not properly validate requests for access to data and functionality in these affected endpoints: /archibus/schema/ab-edit-users.axvw, /archibus/schema/ab-data-dictionary-table.axvw, /archibus/schema/ab-schema-add-field.axvw, /archibus/schema/ab-core/views/process-navigator/ab-my-user-profile.axvw. By not verifying the permissions for access to resources, it allows a potential attacker to view pages that are not allowed. Specifically, it was found that any authenticated user can reach the administrative console for user management by directly requesting access to the page via URL. This allows a malicious user to modify all users' profiles, to elevate any privileges to administrative ones, or to create or delete any type of user. It is also possible to modify the emails of other users, through a misconfiguration of the username parameter, on the user profile page. This is fixed in all recent versions, such as version 26. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Version 21.3 was officially de-supported by the end of 2020.
References
Link | Resource |
---|---|
https://www.gruppotim.it/redteam | Third Party Advisory |
https://www.gruppotim.it/redteam | Third Party Advisory |
Configurations
History
21 Nov 2024, 06:26
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.gruppotim.it/redteam - Third Party Advisory |
12 Jul 2022, 17:42
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-862 |
09 Oct 2021, 03:28
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-863 | |
CPE | cpe:2.3:a:archibus:web_central:21.3.3.815:*:*:*:*:*:*:* | |
References | (MISC) https://www.gruppotim.it/redteam - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 8.8 |
07 Oct 2021, 14:15
Type | Values Removed | Values Added |
---|---|---|
Summary | ** UNSUPPORTED WHEN ASSIGNED ** ARCHIBUS Web Central 21.3.3.815 (a version from 2014) does not properly validate requests for access to data and functionality in these affected endpoints: /archibus/schema/ab-edit-users.axvw, /archibus/schema/ab-data-dictionary-table.axvw, /archibus/schema/ab-schema-add-field.axvw, /archibus/schema/ab-core/views/process-navigator/ab-my-user-profile.axvw. By not verifying the permissions for access to resources, it allows a potential attacker to view pages that are not allowed. Specifically, it was found that any authenticated user can reach the administrative console for user management by directly requesting access to the page via URL. This allows a malicious user to modify all users' profiles, to elevate any privileges to administrative ones, or to create or delete any type of user. It is also possible to modify the emails of other users, through a misconfiguration of the username parameter, on the user profile page. This is fixed in all recent versions, such as version 26. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Version 21.3 was officially de-supported by the end of 2020. |
05 Oct 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-10-05 15:15
Updated : 2024-11-21 06:26
NVD link : CVE-2021-41554
Mitre link : CVE-2021-41554
CVE.ORG link : CVE-2021-41554
JSON object : View
Products Affected
archibus
- web_central
CWE
CWE-862
Missing Authorization