Описание
Lack of authentication in file-viewing components in DDRT Dashcom Live 2019-05-09 allows anyone to remotely access all claim details by visiting easily guessable dashboard/uploads/claim_files/claim_id_ URLs.
Ссылки
- Vendor Advisory
- Third Party Advisory
- Vendor Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:ddrt:dashcom_live_firmware:2019-05-09:*:*:*:*:*:*:*
cpe:2.3:h:ddrt:dashcom_live:-:*:*:*:*:*:*:*
EPSS
Процентиль: 52%
0.0029
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-306
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
Lack of authentication in file-viewing components in DDRT Dashcom Live 2019-05-09 allows anyone to remotely access all claim details by visiting easily guessable dashboard/uploads/claim_files/claim_id_ URLs.
EPSS
Процентиль: 52%
0.0029
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-306