M2Soft CROWNIX Report & ERS Incorrect Access Control Vulnerability Granting Administrator Privileges

Vulnerability

A vulnerability exists in M2Soft CROWNIX Report & ERS versions 7.x prior to 7.4.3.599 and 8.x prior to 8.0.3.79 that allows unauthorized attackers to gain access to Administrator accounts. The issue stems from incorrect access control in the ManagerService component, which does not properly validate user permissions before allowing access to sensitive administrative functions.

Impact

Exploitation of this vulnerability allows unauthorized users to obtain Administrator privileges, potentially leading to further exploitation or misuse of administrative capabilities within the application.

Remediation

Users are advised to update to CROWNIX Report & ERS version 7.4.3.561 or 8.0.3.82. For assistance, contact the M2Soft technical support center by phone or email.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 7.4
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.