CVE-2020-9384
HIGH
Subex ROC Partner Settlement 10.5 - Authenticated Account Takeover via Change Password IDOR
Title source: llm
Description
An Insecure Direct Object Reference (IDOR) vulnerability in the Change Password feature of Subex ROC Partner Settlement 10.5 allows remote authenticated users to achieve account takeover via manipulation of POST parameters. NOTE: This vulnerability may only affect a testing version of the application.
References (2)
Core References
Vendor Advisory x_refsource_misc
https://www.subex.com/partner-settlement/
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/157197/Subex-ROC-Partner-Settlement-10.5-Insecure-Direct-Object-Reference.html
Scores
CVSS v3: 8.8
EPSS: 0.0190
EPSS Percentile: 77.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: total
Details
CWE: CWE-639
Status: published
Products (1): subex/roc_partner_settlement 10.5
Published: Apr 14, 2020
Tracked Since: Feb 18, 2026