Strix
26.1K

CVE-2020-35737

HIGHCVSS 7.5/10EPSS 10.31%

Last modified

CVE-2020-35737 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference.. EPSS estimates a 10.31% chance of exploitation in the next 30 days.

Description

In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference.

Metrics

CVSS 3.1
7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS Probability
10.31%

95.1th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersions
NewgensoftEgov12.0

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2020-35737?
In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference.
How severe is CVE-2020-35737?
CVE-2020-35737 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 10.31% probability of exploitation in the next 30 days.
How do I fix CVE-2020-35737?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-35737?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST