Описание
A Two-Factor Authentication Bypass Vulnerability exists in BS-Client Private Client 2.4 and 2.5 via an XML request that neglects the use of ADPswID and AD parameters, which could let a malicious user access privileged function.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:bssys:rbs_bs-client._retail_client:2.4:*:*:*:*:*:*:*
cpe:2.3:a:bssys:rbs_bs-client._retail_client:2.5:*:*:*:*:*:*:*
EPSS
Процентиль: 51%
0.00282
Низкий
9.1 Critical
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-287
Связанные уязвимости
github
больше 3 лет назад
A Two-Factor Authentication Bypass Vulnerability exists in BS-Client Private Client 2.4 and 2.5 via an XML request that neglects the use of ADPswID and AD parameters, which could let a malicious user access privileged function.
EPSS
Процентиль: 51%
0.00282
Низкий
9.1 Critical
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-287