CVE-2020-26506

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.marmind.com/en/", "name": "https://www.marmind.com/en/", "tags": ["Product"], "refsource": "MISC"}, {"url": "https://www2.deloitte.com/de/de/pages/risk/articles/marmind-authorization-bypass.html", "name": "https://www2.deloitte.com/de/de/pages/risk/articles/marmind-authorization-bypass.html", "tags": ["Exploit", "Third Party Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "An Authorization Bypass vulnerability in the Marmind web application with version 4.1.141.0 allows users with lower privileges to gain control to files uploaded by administrative users. The accessed files were not visible by the low privileged users in the web GUI."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-670"}, {"lang": "en", "value": "CWE-863"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2020-26506", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}}, "publishedDate": "2020-11-05T16:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:marmind:marmind:4.1.141.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2021-07-21T11:39Z"}