Broken Authentication in Appspace 6.2.4: Exposed Framework and Functionality via Direct Page Access

Broken Authentication in Appspace 6.2.4: Exposed Framework and Functionality via Direct Page Access

CVE-2021-27990 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Appspace 6.2.4 is vulnerable to a broken authentication mechanism where pages such as /medianet/mail.aspx can be called directly and the framework is exposed with layouts, menus and functionalities.

Learn more about our Web Application Penetration Testing UK.