How severe is CVE-2020-36126?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2020-36126?

This is classified as CWE-639, which is a common weakness in software security.

CVE-2020-36126 - HIGH Severity | CVSS 8.1

Vulnerability Description

Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by incorrect access control that can lead to remote privilege escalation. PAXSTORE marketplace endpoints allow an authenticated user to read and write data not owned by them, including third-party users, application and payment terminals, where an attacker can impersonate any user which may lead to the unauthorized disclosure, modification, or destruction of information.

Related Vulnerabilities

CVE-2019-12782

HIGH

CVSS:8.1(High)

An authorization bypass vulnerability in pinboard updates in ThoughtSpot 4.4.1 through 5.1.1 (before 5.1.2) allows a low-privilege user with write access to at least one pinboard to corrupt pinboards ...

CWE-6392019

CVE-2021-24739

HIGH

CVSS:8.1(High)

The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature

CWE-6392021

CVE-2021-36801

HIGH

CVSS:8.1(High)

Akaunting version 2.1.12 and earlier suffers from an authentication bypass issue in the user-controllable field, companies[0]. This issue was fixed in version 2.1.13 of the product.

CWE-6392021

CVE-2021-39225

HIGH

CVSS:8.1(High)

Nextcloud is an open-source, self-hosted productivity platform. A missing permission check in Nextcloud Deck before 1.2.9, 1.4.5 and 1.5.3 allows another authenticated users to access Deck cards of an...

CWE-6392021

CVE-2021-46416

HIGH

CVSS:8.1(High)

Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R leads to unauthorized user groups accessing due to insecure cookie handling.

CWE-6392021

CVE-2022-25471

HIGH

CVSS:8.1(High)

An Insecure Direct Object Reference (IDOR) vulnerability in OpenEMR 6.0.0 allows any authenticated attacker to access and modify unauthorized areas via a crafted POST request to /modules/zend_modules/...

CWE-6392022