Description
Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 does not properly restrict access to the (1) Design Mode and (2) Debug Logger mode modules, which allows remote attackers to gain privileges via crafted "received parameters."
References (2)
Core 2
Core References
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Aug/68
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/133147/UNIT4TETA-TETA-WEB-22.62.3.4-Authorization-Bypass.html
Scores
EPSS
0.0222
EPSS Percentile
80.5%
Details
CWE
CWE-284
Status
published
Products (1)
unit4/teta_web
< 22.62.3.4
Published
Sep 16, 2015
Tracked Since
Feb 18, 2026