CVE-2020-14944

CRITICAL

Global RADAR BSA Radar <1.6.7234.24750 - Privilege Escalation

Title source: llm

Description

Global RADAR BSA Radar 1.6.7234.24750 and earlier lacks valid authorization controls in multiple functions. This can allow for manipulation and takeover of user accounts if successfully exploited. The following vulnerable functions are exposed: ChangePassword, SaveUserProfile, and GetUser.

Exploits (1)

exploitdb WORKING POC
by William Summerhill · text · webapps · hardware
https://www.exploit-db.com/exploits/48653

Scores

CVSS v3 9.8
EPSS 0.1180
EPSS Percentile 93.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-862
Status published
Products (1)
globalradar/bsa_radar < 1.6.7234.24750
Published Jun 22, 2020
Tracked Since Feb 18, 2026