CVE-2020-14944
23Vexday Risk Score
No sign of exploitation. It has a public proof of concept.
ssvc Attendepss 6.3%
from disclosure to weapon16 days
Published on NVDJun 22
1st PoC+16d
exploitation probability
6.3%top 7% of all CVEs
observed exploitation
nono source reports it
2 public exploit(s)
Global RADAR BSA Radar 1.6.7234.24750 and earlier lacks valid authorization controls in multiple functions. This can allow for manipulation and takeover of user accounts if successfully exploited. The following vulnerable functions are exposed: ChangePassword, SaveUserProfile, and GetUser.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencepacketstormsecurity.com/files/158372/BSA-Radar-1.6.7234.24750-Cross-Site-Request-Forgery.htmlunverifiedexploitdbwww.exploit-db.com/exploits/48653unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/158372/BSA-Radar-1.6.7234.24750-Cross-Site-Request-Forgery.htmlhttps://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilitieshttps://github.com/wsummerhill/BSA-Radar_CVE-Vulnerabilities/blob/master/CVE-2020-14944%20-%20Access%20Control%20Vulnerabilities.md