← back
CVE-2021-34369

CVE-2021-34369

EPSS 8.2%
portlets/contact/ref/refContactDetail.do in Accela Civic Platform through 20.1 allows remote attackers to obtain sensitive information via a modified contactSeqNumber value. NOTE: the vendor states "the information that is being queried is authorized for an authenticated user of that application, so we consider this not applicable.
Affected products
n/a · n/a
public PoCs found2
cve_referencepacketstormsecurity.com/files/163116/Accela-Civic-Platform-21.1-Insecure-Direct-Object-Reference.htmlunverifiedexploitdbwww.exploit-db.com/exploits/49991unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/163116/Accela-Civic-Platform-21.1-Insecure-Direct-Object-Reference.htmlhttps://gist.github.com/0xx7/58943bb6e9ef77a09d3c7eb00dcafdc7