exploitDog

GHSA-5p7g-3pf4-fr58

Опубликовано: 19 мар. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 8.6

Описание

Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 allows authentication through only a six-digit TOTP code (skipping a password check) if an HTTP POST request contains a SESSION parameter.

Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 allows authentication through only a six-digit TOTP code (skipping a password check) if an HTTP POST request contains a SESSION parameter.

Ссылки

EPSS

Процентиль: 35%

0.00145

Низкий

8.6 High

CVSS3

CVE ID

Дефекты

CWE-472

Связанные уязвимости

CVE-2025-30236

CVSS3: 8.6

nvd

11 месяцев назад

Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 allows authentication through only a six-digit TOTP code (skipping a password check) if an HTTP POST request contains a SESSION parameter.

EPSS

Процентиль: 35%

0.00145

Низкий

8.6 High

CVSS3

CVE ID

Дефекты

CWE-472