Role Manipulation Vulnerability in RHDM Allows Unauthorized Admin Privileges

Role Manipulation Vulnerability in RHDM Allows Unauthorized Admin Privileges

CVE-2019-14841 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header. This flaw allows an attacker to gain admin privileges in the Business Central Console.

Learn more about our Web Application Penetration Testing UK.