CVE-2020-26177

MEDIUM Year: 2020
CVSS v3 Score
4.3
Medium
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-669
View all →

Vulnerability Description

In tangro Business Workflow before 1.18.1, a user's profile contains some items that are greyed out and thus are not intended to be edited by regular users. However, this restriction is only applied client-side. Manipulating any of the greyed-out values in requests to /api/profile is not prohibited server-side.

Related Vulnerabilities

CVE-2021-29960

MEDIUM
CVSS:4.3(Medium)

Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques combined m...

CWE-6692021

CVE-2021-34574

MEDIUM
CVSS:4.3(Medium)

In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 an authenticated attacker can change the password of his account into a new passw...

CWE-6692021

CVE-2024-37891

MEDIUM
CVSS:4.4(Medium)

urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. H...

CWE-6692024

CVE-2024-42158

MEDIUM
CVSS:4.1(Medium)

In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings Replace memzero_explicit() and kfree() with kfree_sensitive() to fix war...

CWE-6692024

CVE-2020-15257

MEDIUM
CVSS:5.2(Medium)

containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to...

CWE-6692020

CVE-2020-6862

MEDIUM
CVSS:5.3(Medium)

V6.0.10P2T2 and V6.0.10P2T5 of F6x2W product are impacted by Information leak vulnerability. Unauthorized users could log in directly to obtain page information without entering a verification code.

CWE-6692020