Description
Sophos Cyberoam UTM CR25iNG 10.6.3 MR-5 allows remote authenticated users to bypass intended access restrictions via direct object reference, as demonstrated by a request for Licenseinformation.jsp. This is fixed in 10.6.5.
References
- Technical Description, Third Party Advisory
- Technical Description, Third Party Advisory
Vulnerable configurations
Configuration 1
Simultaneously
cpe:2.3:h:sophos:cyberoam_cr25ing_utm:-:*:*:*:*:*:*:*
cpe:2.3:o:sophos:cyberoam_cr25ing_utm_firmware:10.6.2:mr-5:*:*:*:*:*:*
EPSS
Percentile: 85%
0.02458
Low
8.8 High
CVSS3
9 Critical
CVSS2
Weaknesses
CWE-264
Related vulnerabilities
CVSS3: 8.8
github
more than 3 years ago
Sophos Cyberoam UTM CR25iNG 10.6.3 MR-5 allows remote authenticated users to bypass intended access restrictions via direct object reference, as demonstrated by a request for Licenseinformation.jsp. This is fixed in 10.6.5.