[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [FD] UNIT4TETA TETA WEB - Authorization Bypass vulnerability
From: Lukasz Miedzinski <lukasz.miedzinski () gmail ! com>
Date: 2015-08-18 10:06:13
Message-ID: CABp=dMhXG+zcmOUa0GxzfXb0wjekZCrPdxbgC6xrJ3VwsDGs5g () mail ! gmail ! com
[Download RAW message or body]
Title: UNIT4TETA TETA WEB - Authorization Bypass vulnerability
Author: Lukasz MiedziĆski
Date: 08. January 2015
CVE: CVE-2015-1173
Affected software :
===================
UNIT4TETA TETA WEB 22.62.3.4 - newest version
Older versions are probably affected too.
Exploit was tested on :
======================
UNIT4TETA TETA WEB 22.62.3.4 - newest version
Description :
=============
TETA Web (former TETA Galactica) is an Internet platform interoperating
with TETA HR (former TETA Personnel) application. It provides support for
the HR departments of small, medium and very large companies.
With this platform managers obtain a tool for effective management of
subordinate business units, and HR departments can transfer some of their
tasks, such as generating reports and printouts, monitoring leave days
numbers and periodic examination dates, to employees and their supervisors.
Vulnerabilities :
*****************
Authorization Bypass :
================================
Description: Unauthorized users are able to manipulate received parameters
and get privileges to modules:
- Design Mode
- Debug Logger mode
Vulnerability is confirmed by Vendor. Patch is released
Contact :
=========
Lukasz[dot]Miedzinski[at]gmail[dot]com
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic