Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2021-32744
HistoryJul 21, 2021 - 4:15 p.m.

Design/Logic Flaw

2021-07-2116:15:00
PRIOn knowledge base
www.prio-n.com
3

0.002 Low

EPSS

Percentile

53.8%

JSON

Collabora Online is a collaborative online office suite. In versions prior to 4.2.17-1 and version 6.4.9-5, unauthenticated attackers are able to gain access to files which are currently opened by other users in the Collabora Online editor. For successful exploitation the attacker is required to guess the file identifier - the predictability of this file identifier is dependent on external file-storage implementations (this is a potential “IDOR” - Insecure Direct Object Reference - vulnerability). Versions 4.2.17-1 and 6.4.9-5 contain patches for this issue. There is no known workaround except updating the Collabora Online application to one of the patched releases.

CPENameOperatorVersion
onlineeq< 4.2.17-1
onlinege6.4.0
onlinelt6.4.9

Related

cve 1
openvas 1
cvelist 1
nvd 1
cve
cve
CVE-2021-32744
2021-07-21 16:15:08
openvas
openvas
Collabora CODE / Collabora Online < 4.2.17-2 / 5.x < 6.4.9-6 Authorization Bypass Vulnerability
2021-12-09 00:00:00
cvelist
cvelist
CVE-2021-32744 Unauthenticated attacker could gain access to currently open files
2021-07-21 16:00:11
nvd
nvd
CVE-2021-32744
2021-07-21 16:15:08

0.002 Low

EPSS

Percentile

53.8%

JSON
Related for PRION:CVE-2021-32744
cve1openvas1cvelist1nvd1