CVE-2021-34369

MEDIUM

Accela Civic Platform <20.1 - Info Disclosure

Title source: llm

Description

portlets/contact/ref/refContactDetail.do in Accela Civic Platform through 20.1 allows remote attackers to obtain sensitive information via a modified contactSeqNumber value. NOTE: the vendor states "the information that is being queried is authorized for an authenticated user of that application, so we consider this not applicable.

Exploits (1)

exploitdb WORKING POC

by Abdulazeez Alaseeri · textwebappsmultiple

https://www.exploit-db.com/exploits/49991

View Code ZIP pw:eip

References (2)

[Third Party Advisory] https://gist.github.com/0xx7/58943bb6e9ef77a09d3c7eb00dcafdc7

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/163116/Accela-Civic-Platform-21.1-Insecure-Direct-Object-Reference.html

Scores

CVSS v3 6.5

EPSS 0.0677

EPSS Percentile 91.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

Status published

Products (1)

accela/civic_platform < 20.1

Published Jun 09, 2021

Tracked Since Feb 18, 2026