198 Lack of data validation - Out of range


Description

An authenticated user in a domain that restricts certain functionalities, such as Employee Management, can bypass the restrictions by using the absolute paths to these functionalities.


Impact

Access the employee management panel from an unauthorized domain.


Recommendation

Verify that domains that have restricted certain functionalities cannot reach them through the absolute paths of these functionalities.
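
One way to enforce this check on the server for every request, rather than only hiding the menu entry, shown as an added example that is not part of the original page. The policy tables, domain names, path prefixes and function names are constructed for illustration, and the domain is assumed to come from the authenticated session.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Constructed policy (assumption): feature -> path prefix, domain -> disabled features.
FEATURE_PREFIXES = {"employee_management": "/employees", "payroll": "/payroll"}
DISABLED_FEATURES = {"branch.example.com": {"employee_management"}}


def canonical_path(target: str) -> str:
    """Reduce a request target (path or absolute URL) to the path the router serves."""
    if not target.startswith("/"):
        # Absolute-form target such as https://host/employees/list
        target = urlsplit(target).path
    path = unquote(target.split("?", 1)[0].split("#", 1)[0])  # decode once, like the router
    # Collapse duplicate slashes, "." and ".." segments so aliases map to one path.
    path = posixpath.normpath("/" + path.replace("\\", "/").lstrip("/"))
    # Assumption: routing is case-insensitive, so compare in lower case (fails closed).
    return path.lower()


def feature_for(path: str):
    """Return the feature that owns a canonical path, or None."""
    for feature, prefix in FEATURE_PREFIXES.items():
        # Match on a segment boundary so /employees-faq is not treated as /employees.
        if path == prefix or path.startswith(prefix + "/"):
            return feature
    return None


def authorize(session_domain: str, target: str) -> int:
    """Return 403 when the session's domain has the requested feature disabled, else 200.

    Meant to run after authentication and before routing, on every request.
    """
    domain = session_domain.lower().rstrip(".")
    feature = feature_for(canonical_path(target))
    if feature in DISABLED_FEATURES.get(domain, set()):
        return 403
    return 200


if __name__ == "__main__":
    for t in ("/employees/list", "https://branch.example.com/employees/list",
              "/public/..//Employees/%2e/edit?id=7", "/employees-faq"):
        print(t, authorize("branch.example.com", t))
```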


Threat

Authenticated user on the Internet.


Expected Remediation Time

15 minutes.


Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

  • Attack vector: N
  • Attack complexity: L
  • Attack Requirements: N
  • Privileges required: L
  • User interaction: N
  • Confidentiality (VC): N
  • Integrity (VI): L
  • Availability (VA): N
  • Confidentiality (SC): N
  • Integrity (SI): N
  • Availability (SA): N

Threat 4.0

  • Exploit maturity: X

Requirements


Fixes


Last updated

2024/02/16