exploitDog

GHSA-5m5m-x2gj-fqpx

Опубликовано: 21 авг. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 5.3

Описание

Incorrect access control in the component \controller\SupplierController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account.

Incorrect access control in the component \controller\SupplierController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account.

Ссылки

EPSS

Процентиль: 16%

0.00052

Низкий

5.3 Medium

CVSS3

CVE ID

Дефекты

CWE-284

Связанные уязвимости

CVE-2025-55367

CVSS3: 5.3

nvd

6 месяцев назад

Incorrect access control in the component \controller\SupplierController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account.

EPSS

Процентиль: 16%

0.00052

Низкий

5.3 Medium

CVSS3

CVE ID

Дефекты

CWE-284