Insecure Direct Object Reference in Newgen eGov 12.0's Correspondence Management System (CORMS) Allows Unauthorized Profile Modification

CVE-2020-35737 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference.
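
The missing check, shown as an added example (not Newgen code, and not taken from the advisory): a profile-update handler that trusts the client-supplied UserIndex, next to one that ties it to the authenticated session. Apart from the UserIndex parameter, every name here (Session, new_store, ALLOWED_FIELDS, the two update functions) and the sample data are hypothetical.

```python
from dataclasses import dataclass

class Forbidden(Exception):
    """Raised when the caller may not modify the requested profile."""

@dataclass(frozen=True)
class Session:
    user_index: int          # identity fixed server-side at login
    is_admin: bool = False

ALLOWED_FIELDS = {"email", "phone"}   # hypothetical editable fields

def new_store():
    # Constructed sample records keyed by UserIndex.
    return {101: {"email": "alice@example.test"},
            102: {"email": "bob@example.test"}}

def update_profile_vulnerable(store, session, params):
    # IDOR: the record is selected only by the request's UserIndex;
    # the session is never consulted, so any record can be changed.
    target = int(params["UserIndex"])
    store[target].update({k: v for k, v in params.items() if k != "UserIndex"})
    return target

def update_profile_checked(store, session, params):
    if session is None:
        raise Forbidden("authentication required")
    try:
        target = int(params["UserIndex"])
    except (KeyError, TypeError, ValueError):
        raise Forbidden("missing or malformed UserIndex")
    if target not in store:
        raise Forbidden("not permitted")
    # Object-level authorization: the referenced record must belong to
    # the caller unless the caller holds an administrative role.
    if target != session.user_index and not session.is_admin:
        raise Forbidden("not permitted")
    # Only allow-listed fields are written; everything else is ignored.
    store[target].update({k: v for k, v in params.items() if k in ALLOWED_FIELDS})
    return target
```

Unknown and unauthorized records return the same error so the response does not reveal which UserIndex values exist.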
