CVE-2020-28402

by Excellium SA

Abstract Advisory Information

An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access the Launcher Configuration Panel.

Authors: Yoann Chevalier

Version affected

Name: Star Practice Management Web
Version: 2019.2.0.6

Common Vulnerability Scoring System

5.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Reference

https://www.starpracticemanagement.com/

https://nvd.nist.gov/vuln/detail/CVE-2020-28402

Vulnerability Disclosure Timeline

  • 01/10/2020: Vulnerability discovery
  • 16/10/2020: Vulnerability Report to CERT-XLM
  • 20/10/2020: Vulnerability Report to STAR
  • 02/10/2020: STAR acknowledgment
  • 10/11/2020: CVE IDs requested from MITRE
  • 10/11/2020: CVE ID Assigned by MITRE
  • 20/01/2021: Expected Vulnerability disclosure