Insecure Access Control Allows Unauthorized Modification of Security Policies in SES Evolution before 2.1.0

Insecure Access Control Allows Unauthorized Modification of Security Policies in SES Evolution before 2.1.0

CVE-2021-31220 · MEDIUM Severity

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

SES Evolution before 2.1.0 allows modifying security policies by leveraging access of a user having read-only access to security policies.

Learn more about our User Device Pen Test.