What the vulnerability does
Description
Missing Authorization vulnerability in Roxnor GetGenie getgenie allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GetGenie: from n/a through <= 4.3.0.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Explanation of Vulnerability in Simple Terms
GetGenie versions up to 4.3.0 lack proper authorization checks, allowing high-privilege users to trigger a denial-of-service condition. An attacker with administrative or equivalent access can make the site unresponsive or unavailable. Update to version 4.4.3 or later to resolve this issue.
What an attacker can do
Make the site unavailable or unresponsive by triggering a denial-of-service condition.
Potential impact on your site
A malicious admin or compromised high-privilege account can render your site unavailable without leaving obvious traces.
Conditions required to exploit
Attacker must have high-level privileges (admin or equivalent role) on the site.