exploitDog

GHSA-wpcm-pg4g-v7c4

Опубликовано: 27 июл. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

In Zoho ManageEngine SupportCenter Plus before 11023, V3 API requests are vulnerable to authentication bypass. (An API request may, in effect, be executed with the credentials of a user who authenticated in the past.)

In Zoho ManageEngine SupportCenter Plus before 11023, V3 API requests are vulnerable to authentication bypass. (An API request may, in effect, be executed with the credentials of a user who authenticated in the past.)

Ссылки

EPSS

Процентиль: 81%

0.01497

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-287

Связанные уязвимости

CVE-2022-36412

CVSS3: 9.8

nvd

больше 3 лет назад

In Zoho ManageEngine SupportCenter Plus before 11023, V3 API requests are vulnerable to authentication bypass. (An API request may, in effect, be executed with the credentials of a user who authenticated in the past.)

EPSS

Процентиль: 81%

0.01497

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-287