Risk | Medium |
Patch available | NO |
Number of vulnerabilities | 3 |
CVE-ID | CVE-2020-24028 CVE-2020-24030 CVE-2020-24029 |
CWE-ID | CWE-264 CWE-613 CWE-284 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Qualiex Client/Desktop applications / Other client software |
Vendor | ForLogic |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
EUVDB-ID: #VU46283
Risk: Medium
CVSSv3.1: 8.1 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2020-24028
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions. A remote authenticated attacker can gain elevated privileges via user creations, password changes, or user permission updates.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsQualiex: v1 - v3
External linkshttp://forlogic.net
http://github.com/underprotection/CVE-2020-24028
http://qualiex.com
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU46285
Risk: Medium
CVSSv3.1: 6.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2020-24030
CWE-ID:
CWE-613 - Insufficient Session Expiration
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient session expiration issue. A remote non-authenticated attacker can obtain or guess session token and gain unauthorized access to session that belongs to another user.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsQualiex: v1 - v3
External linkshttp://github.com/underprotection/CVE-2020-24030
http://qualiex.com
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU46284
Risk: Low
CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2020-24029
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote attacker can send a simple request and access customer and admin permissions.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsQualiex: v1 - v3
External linkshttp://github.com/underprotection/CVE-2020-24029
http://qualiex.com
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.