*Description:* Netsweeper's account management interface allows unauthorized changes to the "Account Owner" field because the restriction is enforced only on the client side and there is no server-side validation. This vulnerability enables account ownership to be reassigned to or away from any user. See details below. Note: this security vulnerability does require web app authorisation initially, but it then abuses those privileges.

*Source URL:* https://helpdesk.netsweeper.com/docs/8_2_Docs/8_2_Netsweeper_Docs/Content/Release_Notes/Netsweeper_Release_Notes/8_2_Release_Notes/8_2_7_Release_and_Downloads.htm (patched in NS1271GA since my report)

*Source Name/Email:* Alasdair Gorniak

*Software URL:* https://repo.netsweeper.com/releases/centos/iso/netsweeper-el8-x86_64-8.2.7-1.iso
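
The server-side check that the description says was missing, sketched as an added example (not Netsweeper's code and not part of the original report): every submitted field is authorized on the server before anything is written, so a restriction applied only in the form cannot be bypassed. The roles, field names and policy are hypothetical.

```python
from dataclasses import dataclass

# Hypothetical model: roles, field names and policy are assumptions for
# illustration, not Netsweeper's schema or code.
@dataclass(frozen=True)
class User:
    name: str
    role: str  # assumed roles: "sysop" (full admin) or "delegate"

class Forbidden(Exception):
    """Raised when the server refuses a submitted change."""

EDITABLE = {"email", "description"}  # any permitted editor may change these
PRIVILEGED = {"owner": "sysop"}      # field -> role required to change it

def update_account(actor, account, submitted, known_users):
    """Validate every submitted field on the server, then apply all or nothing."""
    if actor.role != "sysop" and actor.name != account["owner"]:
        raise Forbidden("actor may not edit this account")
    changes = {}
    for field, value in submitted.items():
        if account.get(field) == value:
            continue  # unchanged; a read-only input echoing the stored value is fine
        if field in PRIVILEGED:
            # The form may hide or disable this input, but the request body is
            # controlled by the client, so the role check has to happen here.
            if actor.role != PRIVILEGED[field]:
                raise Forbidden(f"{actor.name} may not change {field!r}")
            if field == "owner" and value not in known_users:
                raise Forbidden(f"unknown owner {value!r}")
        elif field not in EDITABLE:
            raise Forbidden(f"field {field!r} is not editable")
        changes[field] = value
    account.update(changes)  # reached only if every field passed
    return changes

if __name__ == "__main__":
    # Constructed sample data.
    users = {"alice", "bob"}
    acct = {"owner": "alice", "email": "a@example.test", "description": ""}
    try:
        update_account(User("alice", "delegate"), acct, {"owner": "bob"}, users)
    except Forbidden as exc:
        print("rejected:", exc)
    print(update_account(User("root", "sysop"), acct, {"owner": "bob"}, users))
```

Logging each `Forbidden` raised for a privileged field gives a detection signal for requests that tamper with inputs the interface does not offer.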