Vulnerabilities 2024

Fabasoft Cloud Privilege Escalation using low-code (PDO14718)

First published: 3 October 2024

Last update: 7 October 2024

ID: PDO14718

Affected Components: Fabasoft Cloud

Severity: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N, Score: 7.7 HIGH

Status: Final

CVEs: -

Summary

Users with the appropriate prerequisites can execute non-secured code to obtain all roles using low-code.

Impact

An attacker with permission to write low-code can write an expression that executes non-secure code to assign any role to their own user.

Remediation

The low-code vulnerability is fixed.

Fabasoft Cloud

A hotfix was applied in the Fabasoft Cloud on 1 September 2024.

Fabasoft Cloud Privilege Escalation using low-code (PDO13286)

First published: 3 October 2024

Last update: 7 October 2024

ID: PDO13286

Affected Components: Fabasoft Cloud

Severity: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N, Score: 8.7 HIGH

Status: Final

CVEs: -

Summary

Users with the appropriate prerequisites can obtain all roles using low-code.

Impact

An attacker with permission to write low-code can write an expression that assigns any role to their own user.

Remediation

The low-code vulnerability is fixed.

Fabasoft Cloud

A hotfix was applied in the Fabasoft Cloud on 5 June 2024.