Insecure object reference - Corporate information

Insecure object reference - Corporate information

Description

It is possible to include or modify employee information of third party companies by uploading an excel file and changing the payrollNumber. An attacker can initiate a request to upload an excel file containing information on existing or non-existent employees and change the company identifier (payrollnumber) to one to which he does not have access. In this way the information sent is stored in the third party company, associating new employees or updating the information of those that already existed.

Impact

- Start a file upload process.
- Change the payrollNumber to not own.
- Upload or modify information to a third party company.

Recommendation

Verify that the user who is trying to modify the information has the necessary permissions to access.

Threat

Unauthorized user with access to corporate information.

Expected Remediation Time

⌚ 60 minutes.

Score

Default score using CVSS 3.1. It may change depending on the context of the src.

Base

  • Attack vector: N
  • Attack complexity: L
  • Privileges required: L
  • User interaction: N
  • Scope: U
  • Confidentiality: N
  • Integrity: H
  • Availability: N

Temporal

  • Exploit code maturity: X
  • Remediation level: X
  • Report confidence: X

Result

  • Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:X/RL:X/RC:X
  • Score:
    • Base: 6.5
    • Temporal: 6.5
  • Severity:
    • Base: Medium
    • Temporal: Medium

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

  • Attack vector: N
  • Attack complexity: L
  • Attack Requirements: N
  • Privileges required: L
  • User interaction: N
  • Confidentiality (VC): N
  • Integrity (VI): H
  • Availability (VA): N
  • Confidentiality (SC): N
  • Integrity (SI): N
  • Availability (SA): N

Threat 4.0

  • Exploit maturity: X

Result 4.0

  • Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X
  • Score:
    • CVSS-BT: 7.1
  • Severity:
    • CVSS-BT: High

Requirements

Fixes

Free trial message
Free trial
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.