SonLogger before 6.4.1 is affected by user creation with any user permissions profile (e.g., SuperAdmin). An anonymous user can send a POST request to /User/saveUser without any authentication or session header.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-03-05T01:37:36
Updated: 2024-08-03T21:33:17.007Z
Reserved: 2021-03-05T00:00:00
Link: CVE-2021-27963
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-03-05T02:15:12.457
Modified: 2022-07-12T17:42:04.277
Link: CVE-2021-27963
Redhat
No data.