CVE-2021-22967 – In Concrete CMS (formerly concrete 5) below 8.5.7, IDOR Allows Unauthenticated User to Acc …

19 November 2021

Vuln ID: CVE-2021-22967

Published: 2021-11-19 19:15:08Z

Description: In Concrete CMS (formerly concrete 5) below 8.5.7, IDOR Allows Unauthenticated User to Access Restricted Files If Allowed to Add Message to a Conversation.To remediate this, a check was added to verify a user has permissions to view files before attaching the files to a message in "add / edit messageâ€�.Concrete CMS security team gave this a CVSS v3.1 score of 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NCredit for discovery Adrian H

Source: NVD.NIST.GOV

Date:

19 November 2021

Categories:

NVD

Tags:

NVD

44% of CISOs See No New Investments to Stop Data Breaches10 December 2023
Fake hotel reservation phishing scam uses PDF links to spread MrAnon Stealer10 December 2023
Week in review: Booking.com hotel booking scam, Kali Linux 2023.4 released10 December 2023
Developments in AI, Networks, and Security Will Shape IT Decisions in 202410 December 2023
DDoS Attacks on Rappler Linked to Proxy Service Providers in US and Russia9 December 2023