exploitDog

CVE-2015-2847

Опубликовано: 26 июл. 2015

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

Honeywell Tuxedo Touch before 5.2.19.0_VA relies on client-side authentication involving JavaScript, which allows remote attackers to bypass intended access restrictions by removing USERACCT requests from the client-server data stream.

Ссылки

http://www.kb.cert.org/vuls/id/857948
Third Party Advisory
US Government Resource
http://www.kb.cert.org/vuls/id/857948
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:honeywell:tuxedo_touch:*:*:*:*:*:*:*:*

Версия до 5.1.13.0_va (включая)

EPSS

Процентиль: 59%

0.00381

Низкий

5 Medium

CVSS2

Дефекты

CWE-284

Связанные уязвимости

GHSA-8c3j-6rq2-9h32

github

больше 3 лет назад

Honeywell Tuxedo Touch before 5.2.19.0_VA relies on client-side authentication involving JavaScript, which allows remote attackers to bypass intended access restrictions by removing USERACCT requests from the client-server data stream.

EPSS

Процентиль: 59%

0.00381

Низкий

5 Medium

CVSS2

Дефекты

CWE-284