exploitDog

GHSA-v4mp-6mcf-frrc

Опубликовано: 17 мая 2022

Источник: github

Github: Не прошло ревью

Описание

Persistent Systems Radia Client Automation does not properly restrict access to certain request, which allows remote attackers to (1) enumerate user accounts via a getUsers request, (2) assign a role to a user account via an addAssigneesToRole request, (3) remove a role from a user account via a removeAssigneesFromRole request, or (4) have other unspecified impact.

Persistent Systems Radia Client Automation does not properly restrict access to certain request, which allows remote attackers to (1) enumerate user accounts via a getUsers request, (2) assign a role to a user account via an addAssigneesToRole request, (3) remove a role from a user account via a removeAssigneesFromRole request, or (4) have other unspecified impact.

Ссылки

EPSS

Процентиль: 79%

0.01305

Низкий

CVE ID

Связанные уязвимости

CVE-2015-1498

nvd

почти 11 лет назад

Persistent Systems Radia Client Automation does not properly restrict access to certain request, which allows remote attackers to (1) enumerate user accounts via a getUsers request, (2) assign a role to a user account via an addAssigneesToRole request, (3) remove a role from a user account via a removeAssigneesFromRole request, or (4) have other unspecified impact.

BDU:2015-10383

fstec

почти 11 лет назад

Уязвимость программы автоматизации работы пользователей Radia Client Automation, позволяющая нарушителю осуществить доступ к учётным записям пользователей

EPSS

Процентиль: 79%

0.01305

Низкий

CVE ID