Common vulnerabilities and Exposures (CVE)

Skip to main content

Required CVE Record Information

Description

A vulnerability, which was classified as problematic, was found in Postman up to 11.20 on Windows. This affects an unknown part in the library profapi.dll. The manipulation leads to untrusted search path. An attack has to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 4 Total

Learn more
ScoreSeverityVersionVector String
2.0LOW4.0CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
4.5MEDIUM3.1CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
4.5MEDIUM3.0CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
3.52.0AV:L/AC:H/Au:S/C:P/I:P/A:P

Product Status

Learn more

Versions 21 Total

Default Status: unknown

affected

  • affected at 11.0 
  • affected at 11.1 
  • affected at 11.2 
  • affected at 11.3 
  • affected at 11.4 
  • affected at 11.5 
  • affected at 11.6 
  • affected at 11.7 
  • affected at 11.8 
  • affected at 11.9 
  • affected at 11.10 
  • affected at 11.11 
  • affected at 11.12 
  • affected at 11.13 
  • affected at 11.14 
  • affected at 11.15 
  • affected at 11.16 
  • affected at 11.17 
  • affected at 11.18 
  • affected at 11.19 
  • affected at 11.20 

Credits

  • Havook (VulDB User) reporter

Authorized Data Publishers

Learn more