Unauthenticated Password Changes in ForLogic Qualiex v1 and v3 Allow Unauthorized Access to Customer and Admin Permissions and Data

CVE-2020-24029 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Because of unauthenticated password changes in ForLogic Qualiex v1 and v3, customer and admin permissions and data can be accessed via a simple request.
