Learn about CVE-2020-35737, a security flaw in Correspondence Management System (corms) in Newgen eGov 12.0 allowing unauthorized profile modifications. Find mitigation steps and prevention measures.
In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference.
Understanding CVE-2020-35737
This CVE entry describes a vulnerability in the Correspondence Management System (corms) within Newgen eGov 12.0 that allows an attacker to tamper with other users' profile data by exploiting an unvalidated parameter.
What is CVE-2020-35737?
The vulnerability in Newgen eGov 12.0 enables unauthorized users to alter other users' profile information by manipulating the UserIndex parameter, which is not properly validated.
The Impact of CVE-2020-35737
Exploiting this vulnerability can lead to unauthorized modification of user profiles, potentially resulting in data breaches, identity theft, or unauthorized access to sensitive information.
Technical Details of CVE-2020-35737
This section provides more in-depth technical insights into the CVE.
Vulnerability Description
The vulnerability arises from the lack of validation on the UserIndex parameter in the Correspondence Management System (corms) of Newgen eGov 12.0, allowing attackers to manipulate user profile data.
Affected Systems and Versions
Exploitation Mechanism
Attackers exploit the unvalidated UserIndex parameter in the Correspondence Management System to gain unauthorized access and modify user profile information.
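The flaw described above, as an added example that is not taken from Newgen eGov or from the CVE entry: a minimal Python model of a profile-update handler that trusts UserIndex, beside one that checks it against the server-side session and logs mismatches. Every function, class and field name other than UserIndex is hypothetical, and the sample data is constructed.

```python
# Added illustration: every name here is hypothetical, not Newgen eGov code.
from dataclasses import dataclass


class Forbidden(Exception):
    """Raised when a request may not touch the requested profile."""


@dataclass(frozen=True)
class Session:
    user_index: int        # identity fixed server-side at login
    is_admin: bool = False


def make_store():
    # Constructed sample data: profiles keyed by UserIndex.
    return {101: {"email": "alice@example.org"},
            102: {"email": "bob@example.org"}}


def update_profile_vulnerable(store, session, params):
    # IDOR: the record is selected purely from the client-supplied UserIndex;
    # the session is never consulted.
    target = int(params["UserIndex"])
    store[target].update(params["fields"])
    return target


def update_profile_hardened(store, session, params, audit):
    raw = str(params.get("UserIndex", ""))
    # Strict parse: ASCII digits only, so odd encodings never reach int().
    if not (raw.isascii() and raw.isdigit()):
        raise Forbidden("malformed UserIndex")
    target = int(raw)
    # Object-level authorization: owner or administrator only.
    if target != session.user_index and not session.is_admin:
        # A mismatch is a useful detection signal, so record it.
        audit.append({"event": "profile_idor_denied",
                      "actor": session.user_index, "requested": target})
        raise Forbidden("not permitted")
    # Same error for missing records, so responses do not reveal valid indexes.
    if target not in store:
        raise Forbidden("not permitted")
    store[target].update(params["fields"])
    return target
```

The audit entries give defenders something to alert on: repeated denials from one actor across many requested indexes indicate probing of the parameter.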
Mitigation and Prevention
Protecting systems from CVE-2020-35737 requires both immediate action and long-term security measures.
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates