CVE-2020-14944
published 2020-06-22


Priority: P264
Severity: critical, CVSS 3.1 base score 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 6.34% (92.8th percentile)
Global RADAR BSA Radar 1.6.7234.24750 and earlier lacks valid authorization controls in multiple functions. This can allow for manipulation and takeover of user accounts if successfully exploited. The following vulnerable functions are exposed: ChangePassword, SaveUserProfile, and GetUser.

Affected (1 range)

Vendor        Product     Version range        Fixed in
globalradar   bsa_radar   <= 1.6.7234.24750    (not listed)

Detection & IOCs (extracted from sources)

url: /WS/AjaxWS.asmx/ChangePassword
url: /WS/AjaxWS.asmx/SaveUserProfile
url: /WS/AjaxWS.asmx/GetUser
  • Monitor for unauthenticated or cross-user POST requests to /WS/AjaxWS.asmx/ChangePassword with a UserID parameter differing from the authenticated session's user, indicating account takeover attempts.
  • Detect POST requests to /WS/AjaxWS.asmx/SaveUserProfile where the UserID in the JSON body does not match the session owner; also inspect Firstname and Lastname fields for script injection payloads (stored XSS).
  • Detect POST requests to /WS/AjaxWS.asmx/GetUser with arbitrary userID values being enumerated, which may indicate user account reconnaissance via IDOR.
  • Alert on stored XSS payloads (e.g., script tags or alert() calls) appearing in Firstname or Lastname fields of BSA Radar user profiles, as these render on nearly every application page.
  • The vulnerable application version is 1.6.7234.24750 and earlier; ensure detections are scoped to this version range.
  • The application runs on Windows; tune endpoint/host-based detections accordingly.
  • The three vulnerable ASMX endpoints (ChangePassword, SaveUserProfile, GetUser) are part of an AJAX web service; WAF rules should target the /WS/AjaxWS.asmx path with POST method inspection.
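The detection bullets above translate naturally into a small log-review script. The following is an added example written for this page, not code from Global RADAR or from the advisory's sources: it applies the cross-user, unauthenticated, stored-XSS-marker and GetUser-enumeration rules to constructed log records. The record layout (src, session_user, method, path, body) and the enumeration threshold are assumptions; map your reverse-proxy or IIS log fields onto them before use.

```python
import json
import re
from collections import defaultdict
from urllib.parse import parse_qs

# Added example (not vendor or advisory code). Record fields are an assumed,
# normalised log layout: src, session_user (None when unauthenticated),
# method, path, body.

SERVICE = "/WS/AjaxWS.asmx/"
WRITE_ENDPOINTS = {SERVICE + "ChangePassword", SERVICE + "SaveUserProfile"}
READ_ENDPOINT = SERVICE + "GetUser"
VULN_ENDPOINTS = WRITE_ENDPOINTS | {READ_ENDPOINT}

# Markers for script injection in profile name fields (fourth bullet above).
SCRIPT_RE = re.compile(r"<\s*script|javascript:|\balert\s*\(|\bon\w+\s*=", re.I)


def parse_body(body: str) -> dict:
    """ASMX methods accept JSON or form-encoded bodies; normalise both to str->str."""
    body = body or ""
    try:
        data = json.loads(body)
        if isinstance(data, dict):
            return {k: str(v) for k, v in data.items()}
    except ValueError:
        pass
    return {k: v[0] for k, v in parse_qs(body).items()}


def field(params: dict, name: str):
    """Case-insensitive lookup: the endpoints are documented with both UserID and userID."""
    for k, v in params.items():
        if k.lower() == name.lower():
            return v
    return None


def analyze(records, enum_threshold: int = 5):
    """Return one alert dict per rule hit over an iterable of log records."""
    alerts = []
    getuser_targets = defaultdict(set)  # src -> distinct userID values requested
    for rec in records:
        path, method = rec.get("path", ""), rec.get("method", "")
        if method != "POST" or path not in VULN_ENDPOINTS:
            continue  # only POSTs to the three vulnerable ASMX methods matter
        params = parse_body(rec.get("body", ""))
        target = field(params, "UserID")
        session_user = rec.get("session_user")
        if session_user is None:
            alerts.append({"rule": "unauthenticated_access", "src": rec["src"], "path": path})
        elif path in WRITE_ENDPOINTS and target is not None and target != session_user:
            # Session owner writing another account's password or profile.
            alerts.append({"rule": "cross_user_write", "src": rec["src"],
                           "path": path, "target": target})
        if path.endswith("SaveUserProfile"):
            for name in ("Firstname", "Lastname"):
                if SCRIPT_RE.search(field(params, name) or ""):
                    alerts.append({"rule": "stored_xss_payload", "src": rec["src"], "field": name})
        if path == READ_ENDPOINT and target is not None:
            getuser_targets[rec["src"]].add(target)
    # Many distinct userIDs from one source against GetUser suggests IDOR reconnaissance.
    for src, targets in getuser_targets.items():
        if len(targets) >= enum_threshold:
            alerts.append({"rule": "getuser_enumeration", "src": src, "distinct_ids": len(targets)})
    return alerts


def count_by_rule(alerts):
    counts = defaultdict(int)
    for a in alerts:
        counts[a["rule"]] += 1
    return dict(counts)


# Constructed sample records (not real traffic).
SAMPLE_LOGS = [
    {"src": "10.0.0.5", "session_user": "42", "method": "POST",
     "path": SERVICE + "ChangePassword", "body": '{"UserID":"42","NewPassword":"[redacted]"}'},
    {"src": "10.0.0.9", "session_user": "42", "method": "POST",
     "path": SERVICE + "ChangePassword", "body": '{"UserID":"7","NewPassword":"[redacted]"}'},
    {"src": "10.0.0.9", "session_user": None, "method": "POST",
     "path": SERVICE + "SaveUserProfile",
     "body": '{"UserID":"7","Firstname":"<script>alert(1)</script>","Lastname":"x"}'},
    {"src": "10.0.0.5", "session_user": "42", "method": "GET", "path": "/Default.aspx", "body": ""},
] + [
    {"src": "10.0.0.9", "session_user": "42", "method": "POST",
     "path": SERVICE + "GetUser", "body": f"userID={i}"}
    for i in range(1, 6)
]

if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOGS):
        print(alert)
```

The legitimate self-service password change from 10.0.0.5 produces nothing; the cross-user ChangePassword, the unauthenticated SaveUserProfile carrying a script tag, and the five-ID GetUser sweep from 10.0.0.9 each raise their own rule. Tune `enum_threshold` to the normal GetUser fan-out of your deployment before alerting on it.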

CVSS provenance

NVD, CVSS v3.1: 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD, CVSS v2.0: 7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P