Main Vulnerability Database SB2020030202

SB2020030202 - Authorization bypass through user-controlled key in GRANDIT

Published: March 2, 2020

Security Bulletin ID SB2020030202

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Authorization bypass through user-controlled key (CVE-ID: CVE-2020-5539)

The vulnerability allows a local user to gain access to another user's session.

The vulnerability exist due to improper authorization functionality in session management. A remote attacker who can access the product may impersonate an arbitrary user and gain access to sensitive information on the target system.

Remediation

Install update from vendor's website.

References

https://jvn.jp/en/jp/JVN73472345/index.html
https://www.grandit.jp/etc/20200228_letter.pdf