CVE-2021-41298

ECOA BAS controller is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers with general user's privilege can remotely bypass authorization and access the hidden resources in the system and execute privileged functionalities.
References
Link Resource
https://www.twcert.org.tw/tw/cp-132-5134-39f74-1.html Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:ecoa:riskterminator:-:*:*:*:*:*:*:*

Information

Published : 2021-09-30 11:15

Updated : 2021-10-07 04:25


NVD link : CVE-2021-41298

Mitre link : CVE-2021-41298

Products Affected
No products.
CWE