Security Advisory

CVE-2021-37215

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-08-09 09:15:31
Last updated 2024-09-17 02:41:52
Assigner twcert
State PUBLISHED

Description

The employee management page of Flygo contains an Insecure Direct Object Reference (IDOR) vulnerability. After authenticating as a general user, a remote attacker can manipulate the user data and overwrite another employee’s user data by specifying that employee’s ID in the API parameter.
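The flaw class described above, shown as an added example that is not Flygo's code: an update handler that trusts the client-supplied employee ID, next to one that enforces object-level authorization and records denials. The names Session, update_employee_*, the employee_id/fields parameters, the hr_admin role and the sample records are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Session:
    employee_id: int  # identity fixed by the server at login
    role: str         # "user" or "hr_admin" (hypothetical role names)

class Forbidden(Exception):
    """Caller is authenticated but not authorized for the target record."""

def sample_db():
    # Constructed sample records standing in for the employee table.
    return {
        101: {"name": "Alice", "phone": "555-0101"},
        102: {"name": "Bob", "phone": "555-0102"},
    }

def update_employee_vulnerable(db, session, params):
    # IDOR pattern: the record is selected purely by the ID in the request.
    # Being logged in is the only requirement; ownership is never checked.
    target = int(params["employee_id"])
    db[target].update(params["fields"])
    return target

def update_employee_hardened(db, session, params, audit):
    # Default to the caller's own record; an explicit ID is only a request.
    target = int(params.get("employee_id", session.employee_id))
    # Object-level check: the ID must match the session identity unless
    # the caller holds a role that is allowed to edit other employees.
    if target != session.employee_id and session.role != "hr_admin":
        # Denied cross-account writes are a useful detection signal.
        audit.append(("denied", session.employee_id, target))
        raise Forbidden(f"employee {session.employee_id} may not edit {target}")
    if target not in db:
        raise KeyError(target)
    db[target].update(params["fields"])
    audit.append(("updated", session.employee_id, target))
    return target
```

Repeated "denied" audit entries from one session against many different target IDs are the pattern to alert on.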