CVE-2021-29396

CRITICAL

Globalnorthstar Northstar Club Manage... - Incorrect Permission Assignment

Title source: rule
STIX 2.1

Description

Systemic Insecure Permissions in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to use various functionalities without authentication.

References (2)

Core 2
Core References
Third Party Advisory x_refsource_misc
https://Ardent-Security.com
Third Party Advisory x_refsource_misc
https://ardent-security.com/en/advisory/asa-2021-04/

Scores

CVSS v3 9.8
EPSS 0.0140
EPSS Percentile 80.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-732
Status published
Products (1)
globalnorthstar/northstar_club_management 6.3
Published Feb 04, 2022
Tracked Since Feb 18, 2026