Unrated severityNVD Advisory· Published May 7, 2021· Updated Aug 4, 2024
CVE-2020-36124
CVE-2020-36124
Description
Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by XML External Entity (XXE) injection. An authenticated attacker can compromise the private keys of a JWT token and reuse them to manipulate the access tokens to access the platform as any desired user (clients and administrators).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Pax Technology/PAXSTOREdescription
- Range: <=7.0.8_20200511171508
Patches
Vulnerability mechanics
References
3- blog.pridesec.com.br/p/4c972078-5f01-419e-8bea-cf31ff2e3670/mitrex_refsource_MISC
- marketing.paxtechnology.com/about-paxmitrex_refsource_MISC
- www.whatspos.commitrex_refsource_MISC
News mentions
0No linked articles in our index yet.