CVE-2022-30760

Severity: Medium

Description

An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG FlexNow before 2.04.09.016 allows remote authenticated attackers to obtain sensitive student information (final grades, study courses, degrees) by changing the student ID parameter in the HTTP POST request to the FrontControllerSS endpoint.

References

https://wiki.ihb-eg.de/doku.php/releasenotes/fn2web2.04.09

https://homepage.ruhr-uni-bochum.de/Christian.Krug-q97/CVE-2022-30760.html

Details

Source: Mitre, NVD

Published: 2022-06-09

Updated: 2022-06-17

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 4.3

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Severity: Medium