Broken Authentication in Appspace 6.2.4: Exposed Framework and Functionality via Direct Page Access
CVE-2021-27990 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Appspace 6.2.4 is vulnerable to a broken authentication mechanism where pages such as /medianet/mail.aspx can be called directly and the framework is exposed with layouts, menus and functionalities.
Learn more about our Web Application Penetration Testing UK.