PAXSTORE v7.0.8_20200511171508 and lower: Remote Bypass of Password Revalidation in Sensitive Operations

PAXSTORE v7.0.8_20200511171508 and lower: Remote Bypass of Password Revalidation in Sensitive Operations

CVE-2020-36125 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by incorrect access control where password revalidation in sensitive operations can be bypassed remotely by an authenticated attacker through requesting the endpoint directly.

Learn more about our Web Application Penetration Testing UK.