CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-31927
https://notcve.org/view.php?id=CVE-2021-31927
10 Jun 2021 — An Insecure Direct Object Reference (IDOR) vulnerability in Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to modify any existing user, including users assigned to different environments and clients. It was fixed in v2021.1.0.2. Una vulnerabilidad de Referencia Directa a Objetos Insegura (IDOR) en Annex Cloud Loyalty Experience Platform versiones anteriores a 2021.1.0.1 permite a cualquier atacante autenticado modificar cualquier usuario existente, incluyendo usuarios ... • https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-31928
https://notcve.org/view.php?id=CVE-2021-31928
10 Jun 2021 — Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to escalate privileges to superadministrator. It was fixed in v2021.1.0.2. Annex Cloud Loyalty Experience Platform versiones anteriores a 2021.1.0.1 permite a cualquier atacante autenticado escalar privilegios a superadministrador. Se ha corregido en la versión 2021.1.0.2 • https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-31929
https://notcve.org/view.php?id=CVE-2021-31929
10 Jun 2021 — Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to modify loyalty campaigns and settings, such as fraud prevention, coupon groups, email templates, or referrals. Annex Cloud Loyalty Experience Platform versiones anteriores a 2021.1.0.1 permite a cualquier atacante autenticado modificar las campañas y la configuración de fidelidad, como la prevención del fraude, los grupos de cupones, las plantillas de correo electrónico o las referencias • https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md • CWE-732: Incorrect Permission Assignment for Critical Resource •