CVE-2020-10129 - SearchBlox product before V-9.2 is vulnerable to Privileged Escalation-Lower user is able to access Admin# CVE-2020-10129 - SearchBlox product before V-9.2 is vulnerable to Privileged Escalation-Lower user is able to access Admin
**Product Description:** SearchBlox simplifies enterprise search for complex organizations. SearchBlox intuitive and intelligent tools offer out-of-the-box setup, secure encryption, and low total cost of ownership. AI-powered solutions optimize each step of the search journey to dramatically improve engagement. SearchBlox is the easy choice for leaders in financial services, healthcare, and government.
**Description:** SearchBlox before Version 9.2.1 is vulnerable to Privileged Escalation-Lower user is able to access Admin functionality
**Vulnerability Type:** Privileged Escalation-Lower user is able to access Admin functionality
**Severity Rating:** High
**Vendor of Product:** SearchBlox
**Affected Product Code Base:** SearchBlox-9.1
**Affected Component:** SearchBlox product with version before 9.2 is vulnerable to Privileged Escalation issues where-Lower the user is able to access Admin functionality which affects product confidentiality.
**Attack Type:** Remote
**Impact Information Disclosure:** True
**Attack Vectors:** To exploit this vulnerability attacker must use the below URL
(http://<Web-Interface-URLs>/searchblox/admin/main.jsp?menu1=adm&menu2=cluster)
**Has the vendor confirmed or acknowledged the vulnerability?:** True
**Reference:** [Version 9.1 (searchblox.com) ](https://developer.searchblox.com/v9.2/changelog/version-91)
**Exploit Author:** Amar Kaldate
**Contact:** [ Amar Kaldate | LinkedIn ](https://www.linkedin.com/in/amar-kaldate/)
[4.0K] /data/pocs/45fe23eb34ee80df4a0660303266fb2a62a246e3
└── [1.6K] README.md
0 directories, 1 file