Overview
- Description
- In Ifme, versions v5.0.0 to v7.32 are vulnerable against an improper access control, which makes it possible for admins to ban themselves leading to their deactivation from Ifme account and complete loss of admin access to Ifme.
- Source
- vulnerabilitylab@mend.io
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.3
- Impact score
- 5.2
- Exploitability score
- 2.1
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 4.9
- Impact score
- 4.9
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:N/I:P/A:P
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
- vulnerabilitylab@mend.io
- CWE-284
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:if-me:ifme:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A40185B0-74EF-455B-AF14-9AA5F3E55B88",
"versionEndIncluding": "7.32",
"versionStartIncluding": "5.0.0"
}
],
"operator": "OR"
}
]
}
]