Abstract Advisory Information
An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6 allowing an unauthorized user to access Billing page without the appropriate privileges.
Authors: Yoann Chevalier
Version affected
Name: Star Practice Management Web
Version: 2019.2.0.6
Common Vulnerability Scoring System
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Reference
https://www.starpracticemanagement.com/
https://nvd.nist.gov/vuln/detail/CVE-2020-28404
Vulnerability Disclosure Timeline
- 01/10/2020: Vulnerability discovery
- 16/10/2020: Vulnerability Report to CERT-XLM
- 20/10/2020: Vulnerability Report to STAR
- 02/10/2020: STAR acknowledgment
- 10/11/2020: Request CVE IDs to Mitre
- 10/11/2020: CVE ID Assigned by MITRE
- 20/01/2021: Expected Vulnerability disclosure