exploitDog

GHSA-6vjc-2rp5-c2hr

Опубликовано: 31 июл. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 5.4

Описание

ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control in the MailConfiguration API endpoint, where users with operator-level privileges can issue an HTTP request to retrieve SMTP credentials, including plaintext passwords.

ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control in the MailConfiguration API endpoint, where users with operator-level privileges can issue an HTTP request to retrieve SMTP credentials, including plaintext passwords.

Ссылки

EPSS

Процентиль: 10%

0.00034

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-284

Связанные уязвимости

CVE-2025-29557

CVSS3: 5.4

nvd

6 месяцев назад

ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control in the MailConfiguration API endpoint, where users with operator-level privileges can issue an HTTP request to retrieve SMTP credentials, including plaintext passwords.

EPSS

Процентиль: 10%

0.00034

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-284