exploitDog

GHSA-pwj2-p9vr-j8jr

Опубликовано: 22 июн. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 5

Описание

Yealink YMCS before 2025-05-26 does not prevent OpenAPI access by frozen enterprise accounts, allowing unauthorized access to deactivated interfaces.

Yealink YMCS before 2025-05-26 does not prevent OpenAPI access by frozen enterprise accounts, allowing unauthorized access to deactivated interfaces.

Ссылки

EPSS

Процентиль: 13%

0.00043

Низкий

5 Medium

CVSS3

CVE ID

Дефекты

CWE-863

Связанные уязвимости

CVE-2025-52918

CVSS3: 5

nvd

8 месяцев назад

Yealink RPS before 2025-05-26 does not prevent OpenAPI access by frozen enterprise accounts, allowing unauthorized access to deactivated interfaces.

EPSS

Процентиль: 13%

0.00043

Низкий

5 Medium

CVSS3

CVE ID

Дефекты

CWE-863