Abstract Advisory Information
An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6 allowing an unauthorized user to access Launcher Configuration Panel.
Authors: Yoann Chevalier
Version affected
Name: Star Practice Management Web
Version: 2019.2.0.6
Common Vulnerability Scoring System
5.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Reference
https://www.starpracticemanagement.com/
https://nvd.nist.gov/vuln/detail/CVE-2020-28402
Vulnerability Disclosure Timeline
- 01/10/2020: Vulnerability discovery
- 16/10/2020: Vulnerability Report to CERT-XLM
- 20/10/2020: Vulnerability Report to STAR
- 02/10/2020: STAR acknowledgment
- 10/11/2020: Request CVE IDs to Mitre
- 10/11/2020: CVE ID Assigned by MITRE
- 20/01/2021: Expected Vulnerability disclosure