CyberSec.Space Logo
Back to CVE Browser

CVE-2021-29394

MEDIUM
6.5
CVSS Severity Score
EPSS Score0.0900%
EPSS Percentile36.98th
PublishedFeb 4, 2022
Last ModifiedNov 21, 2024

Vulnerability Description

Account Hijacking in /northstar/Admin/changePassword.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote authenticated users to change the password of any targeted user accounts via lack of proper authorization in the user-controlled "userID" parameter of the HTTP POST request.

Affected Platforms (CPE)

πŸ“¦
Globalnorthstar

Northstar Club Management

= 6.3

References & Advisories

πŸ”— https://ardent-security.com
πŸ”— https://ardent-security.com/en/advisory/asa-2021-02/
πŸ”— https://ardent-security.com
πŸ”— https://ardent-security.com/en/advisory/asa-2021-02/

Related Vulnerabilities

CVE-2021-293939.8

Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote ...

CVE-2021-293969.8

Systemic Insecure Permissions in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to u...

CVE-2021-293957.5

Directory travesal in /northstar/filemanager/download.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remot...

CVE-2021-293977.5

Cleartext Transmission of Sensitive Information in /northstar/Admin/login.jsp in Northstar Technologies Inc NorthStar Club Managem...