exploitDog

GHSA-wxgh-g8jm-vcx5

Опубликовано: 09 сент. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 5.3

Описание

Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of decoy users via a crafted GET request sent to /WebApp/DeceptionUser/GetAllDeceptionUsers.

Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of decoy users via a crafted GET request sent to /WebApp/DeceptionUser/GetAllDeceptionUsers.

Ссылки

EPSS

Процентиль: 58%

0.00363

Низкий

5.3 Medium

CVSS3

CVE ID

Дефекты

CWE-287

Связанные уязвимости

CVE-2022-27969

CVSS3: 5.3

nvd

больше 3 лет назад

Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of decoy users via a crafted GET request sent to /WebApp/DeceptionUser/GetAllDeceptionUsers.

EPSS

Процентиль: 58%

0.00363

Низкий

5.3 Medium

CVSS3

CVE ID

Дефекты

CWE-287