CVE-2021-42332

Description

The “List View” function of ShinHer StudyOnline System is not under authority control. After logging in with user’s privilege, remote attackers can access the content of other users’ message boards by crafting URL parameters.

References

Third Party Advisory

CvssV3 impact

Version

3.1

VectorString

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AttackVector

NETWORK

AttackComplexity

LOW

PrivilegesRequired

LOW

UserInteraction

NONE

Scope

UNCHANGED

ConfidentialityImpact

LOW

IntegrityImpact

NONE

AvailabilityImpact

NONE

BaseScore

4.3

BaseSeverity

MEDIUM

CvssV2 impact

AccessComplexity

LOW

ConfidentialityImpact

PARTIAL

AvailabilityImpact

NONE

IntegrityImpact

NONE

BaseScore

4

VectorString

AV:N/AC:L/Au:S/C:P/I:N/A:N

Version

2.0

AccessVector

NETWORK

Authentication

SINGLE