How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

The vulnerability allows attackers to read all user list information and reset passwords without proper authorization. This unauthorized access and control over user accounts can lead to data breaches and unauthorized operations, which may violate data protection requirements under standards like GDPR and HIPAA.

Specifically, the exposure of user information and the ability to reset passwords could compromise the confidentiality, integrity, and availability of personal data, potentially resulting in non-compliance with regulations that mandate strict access controls and protection of sensitive information.

Useful 0 Not Useful 0

Can you explain this vulnerability to me?

The vulnerability exists in the ZTE ZXEDM iEMS product's cloud EMS portal where the management does not properly control access to the user list acquisition function.

Because of this, attackers can read all user list information through the user list interface.

With the obtained user information, attackers can reset the passwords of those users, leading to unauthorized operations.

Useful 0 Not Useful 0

How can this vulnerability impact me? :

This vulnerability can lead to unauthorized access and control over user accounts because attackers can reset passwords without proper authorization.

Such unauthorized operations can compromise the confidentiality, integrity, and availability of the system.

The CVSS score of 7.1 indicates a high severity impact, meaning the vulnerability poses significant risks if exploited.

Useful 0 Not Useful 0