Description
The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to (1) add, (2) edit, or (3) delete users via the REST API.
References
- Vendor Advisory
- Patch, Vendor Advisory
- Vendor Advisory
- Patch, Vendor Advisory
Vulnerable configurations
Configuration 1: versions up to and including 2.3.0
cpe:2.3:a:apache:jetspeed:*:*:*:*:*:*:*:*
EPSS
Percentile: 93%
0.10305
Medium
7.5 High
CVSS3
6.4 Medium
CVSS2
Weaknesses
CWE-264
Related vulnerabilities
CVSS3: 7.5
github
more than 3 years ago
The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to (1) add, (2) edit, or (3) delete users via the REST API.