CVE-2017-7312

Опубликовано: 07 июн. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, anyone can add a vendor account or read existing vendor account data (including usernames and passwords).

Ссылки

https://amswoes.wordpress.com/2017/06/06/first-blog-post/
Third Party Advisory
https://amswoes.wordpress.com/2017/06/06/first-blog-post/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:personifycorp:personify360:7.5.2:*:*:*:*:*:*:*

cpe:2.3:a:personifycorp:personify360:7.6:*:*:*:*:*:*:*

cpe:2.3:a:personifycorp:personify360:7.6.1:*:*:*:*:*:*:*

EPSS

Процентиль: 92%

0.08326

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-269

Связанные уязвимости

GHSA-g9jv-422p-3g6g