exploitDog

GHSA-9c44-x77q-mr22

Опубликовано: 21 авг. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 8.8

Описание

Incorrect access control in the component \controller\RoleController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account.

Incorrect access control in the component \controller\RoleController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account.

Ссылки

EPSS

Процентиль: 17%

0.00053

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-284

Связанные уязвимости

CVE-2025-55368

CVSS3: 8.8

nvd

6 месяцев назад

Incorrect access control in the component \controller\RoleController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account.

EPSS

Процентиль: 17%

0.00053

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-284