SearchBlox before Version 9.1 is vulnerable to business logic bypass where the user is able to create multiple super admin users in the system.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HSearchblox
APPSearchblox< 9.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2020-10131CRITICAL9.8ten sam produkt
SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection in "Featured Results" parameter.
CVE-2018-11586CRITICAL9.8ten sam produkt
XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated u...
CVE-2015-7919CRITICAL10.0ten sam produkt
SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the config file, and consequently cause a deni...
CVE-2020-10129HIGH8.8ten sam produkt
SearchBlox before Version 9.2.1 is vulnerable to Privileged Escalation-Lower user is able to access Admin func...
CVE-2020-35580HIGH7.5ten sam produkt
A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthen...