MEDIUM🇵🇱 Wersja polska

CVE-2021-25991

CVSS 5.7v3.1pub. 2021-12-29upd. 2024-11-21

In Ifme, versions v5.0.0 to v7.32 are vulnerable against an improper access control, which makes it possible for admins to ban themselves leading to their deactivation from Ifme account and complete loss of admin access to Ifme.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
  • If Me Ifme

    APP
    If-Me
    5.0.0 – 7.32
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2021-25992CRITICAL9.8ten sam produkt

In Ifme, versions 1.0.0 to v.7.33.2 don’t properly invalidate a user’s session even after the user initiated l...

CVE-2021-25988MEDIUM5.4ten sam produkt

In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable against stored XSS vulnerability (notifications section) w...

CVE-2021-25989MEDIUM5.4ten sam produkt

In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable against stored XSS vulnerability in the markdown editor. I...

CVE-2021-25990MEDIUM5.4ten sam produkt

In “ifme”, versions v7.22.0 to v7.31.4 are vulnerable against self-stored XSS in the contacts field as it allo...