CVE-2020-15958

High

An issue was discovered in 1CRM System through 8.6.7. An insecure direct object reference to internally stored files allows a remote…

mitre·CWE-639·Published 2020-09-18

CVSS

8.6

EPSS

0.03

KEV

Exploits

cve.orgen

236 chars

An issue was discovered in 1CRM System through 8.6.7. An insecure direct object reference to internally stored files allows a remote attacker to access various sensitive information via an unauthenticated request with a predictable URL.

NVDen

236 chars

NVDes

284 chars

Se detectó un problema en el Sistema 1CRM versiones hasta 8.6.7. Una referencia a objeto directa no segura en archivos almacenados internamente permite a un atacante remoto acceder a información confidencial variada por medio de una petición no autenticada con una URL predecible

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
3.1	Primary	NVD	8.6	3.9	4.0	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N