#VU22764 Improper access control in Email Subscribers & Newsletters
Published: November 14, 2019
Vulnerability identifier: #VU22764
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: N/A
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Email Subscribers & Newsletters
Email Subscribers & Newsletters
Software vendor:
icegram
icegram
Description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote attacker can bypass implemented security restrictions, export the list of subscribers and obtain sensitive information, such as user emails by sending the correct query variables and corresponding parameters.
Remediation
Install updates from vendor's website.