What the vulnerability does
01Description
Subscriber Privilege Escalation in Amelia <= 2.3 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
What the vulnerability does
Subscriber Privilege Escalation in Amelia <= 2.3 versions.
Explanation of Vulnerability in Simple Terms
TMS Amelia versions 2.3 and earlier contain an improper privilege escalation vulnerability. An authenticated user with low privileges can gain high-level access to read, modify, or delete sensitive data and disrupt site operations. The vulnerability requires network access but no user interaction. Organizations running affected versions should update immediately.
What an attacker can do
Read, modify, or delete sensitive data; disrupt site availability.
Potential impact on your site
Authenticated users can escalate privileges to perform admin-level actions without authorization.
Conditions required to exploit
Attacker must have a low-privilege user account on the site.
Key dates
External resources
Related vulnerabilities