exploitDog

GHSA-fwj7-p878-r668

Опубликовано: 03 фев. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 8.1

Описание

Incorrect access control in Geovision GV-ASWeb version 6.1.0.0 or less allows unauthorized attackers with low-level privileges to manage and create new user accounts via supplying a crafted HTTP request.

Incorrect access control in Geovision GV-ASWeb version 6.1.0.0 or less allows unauthorized attackers with low-level privileges to manage and create new user accounts via supplying a crafted HTTP request.

Ссылки

EPSS

Процентиль: 91%

0.06591

Низкий

8.1 High

CVSS3

CVE ID

Дефекты

CWE-284

CWE-862

Связанные уязвимости

CVE-2024-56898

CVSS3: 8.8

nvd

около 1 года назад

Broken access control vulnerability in Geovision GV-ASWeb with version v6.1.0.0 or less. This vulnerability allows low privilege users perform actions that they aren't authorized to, which can be leveraged to escalate privileges, create, modify or delete accounts.

EPSS

Процентиль: 91%

0.06591

Низкий

8.1 High

CVSS3

CVE ID

Дефекты

CWE-284

CWE-862