exploitDog

GHSA-583q-h2h6-7284

Опубликовано: 16 авг. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 8.8

Описание

An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376. Because Gateway API functions mishandle authentication, an authenticated VPN user can inject arbitrary commands.

An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376. Because Gateway API functions mishandle authentication, an authenticated VPN user can inject arbitrary commands.

Ссылки

EPSS

Процентиль: 62%

0.00434

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-287

Связанные уязвимости

CVE-2022-38368

CVSS3: 8.8

nvd

больше 3 лет назад

An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376. Because Gateway API functions mishandle authentication, an authenticated VPN user can inject arbitrary commands.

EPSS

Процентиль: 62%

0.00434

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-287