Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for egov by newgensoft

    CVE-2020-35737 (GCVE-0-2020-35737)

    Vulnerability from nvd – Published: 2020-12-30 19:39 – Updated: 2024-08-04 17:09
    VLAI
    Summary
    In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2020-12-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:09:15.201Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gist.github.com/AliAlsinan/0323e57d2345ef0b4e73c803dba93486"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/160826/Newgen-Correspondence-Management-System-eGov-12.0-Insecure-Direct-Object-Reference.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/49378"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2020-12-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users\u0027 profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-07T20:11:41.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://gist.github.com/AliAlsinan/0323e57d2345ef0b4e73c803dba93486"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/160826/Newgen-Correspondence-Management-System-eGov-12.0-Insecure-Direct-Object-Reference.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.exploit-db.com/exploits/49378"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-35737",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users\u0027 profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://gist.github.com/AliAlsinan/0323e57d2345ef0b4e73c803dba93486",
                  "refsource": "MISC",
                  "url": "https://gist.github.com/AliAlsinan/0323e57d2345ef0b4e73c803dba93486"
                },
                {
                  "name": "http://packetstormsecurity.com/files/160826/Newgen-Correspondence-Management-System-eGov-12.0-Insecure-Direct-Object-Reference.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/160826/Newgen-Correspondence-Management-System-eGov-12.0-Insecure-Direct-Object-Reference.html"
                },
                {
                  "name": "https://www.exploit-db.com/exploits/49378",
                  "refsource": "MISC",
                  "url": "https://www.exploit-db.com/exploits/49378"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-35737",
        "datePublished": "2020-12-30T19:39:17.000Z",
        "dateReserved": "2020-12-27T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:09:15.201Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-35737 (GCVE-0-2020-35737)

    Vulnerability from cvelistv5 – Published: 2020-12-30 19:39 – Updated: 2024-08-04 17:09
    VLAI
    Summary
    In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2020-12-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:09:15.201Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gist.github.com/AliAlsinan/0323e57d2345ef0b4e73c803dba93486"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/160826/Newgen-Correspondence-Management-System-eGov-12.0-Insecure-Direct-Object-Reference.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/49378"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2020-12-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users\u0027 profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-07T20:11:41.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://gist.github.com/AliAlsinan/0323e57d2345ef0b4e73c803dba93486"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/160826/Newgen-Correspondence-Management-System-eGov-12.0-Insecure-Direct-Object-Reference.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.exploit-db.com/exploits/49378"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-35737",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users\u0027 profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://gist.github.com/AliAlsinan/0323e57d2345ef0b4e73c803dba93486",
                  "refsource": "MISC",
                  "url": "https://gist.github.com/AliAlsinan/0323e57d2345ef0b4e73c803dba93486"
                },
                {
                  "name": "http://packetstormsecurity.com/files/160826/Newgen-Correspondence-Management-System-eGov-12.0-Insecure-Direct-Object-Reference.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/160826/Newgen-Correspondence-Management-System-eGov-12.0-Insecure-Direct-Object-Reference.html"
                },
                {
                  "name": "https://www.exploit-db.com/exploits/49378",
                  "refsource": "MISC",
                  "url": "https://www.exploit-db.com/exploits/49378"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-35737",
        "datePublished": "2020-12-30T19:39:17.000Z",
        "dateReserved": "2020-12-27T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:09:15.201Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }