portlets/contact/ref/refContactDetail.do in Accela Civic Platform up to and including 20.1 allows remote malicious users to obtain sensitive information via a modified contactSeqNumber value. NOTE: the vendor states "the information that is being queried is authorized for an authenticated user of that application, so we consider this not applicable.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
accela civic platform |