CVE-2020-28402 | Cyber Solutions By Thales

Abstract Advisory Information

An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6 allowing an unauthorized user to access Launcher Configuration Panel.

Author: Yoann Chevalier

Version affected

Name: Star Practice Management Web

Version: 2019.2.0.6

Common Vulnerability Scoring System

5.4

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

References

https://www.starpracticemanagement.com/
https://nvd.nist.gov/vuln/detail/CVE-2020-28402

Vulnerability Disclosure Timeline

01/10/2020: Vulnerability discovery
16/10/2020: Vulnerability Report to CERT-XLM
20/10/2020: Vulnerability Report to STAR
02/10/2020: STAR acknowledgment
10/11/2020: Request CVE IDs to Mitre
10/11/2020: CVE ID Assigned by MITRE
20/01/2021: Expected Vulnerability disclosure