exploitDog

CVE-2019-15087

Опубликовано: 20 сент. 2019

Источник: nvd

CVSS3: 7.2

CVSS2: 6.5

EPSS Низкий

Описание

An issue was discovered in PRiSE adAS 1.7.0. An authenticated user can change the function used to hash passwords to any function, leading to remote code execution.

Ссылки

http://www.adas-sso.com/es/extra/download.php
Product
https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas
Exploit
Patch
Third Party Advisory
http://www.adas-sso.com/es/extra/download.php
Product
https://security-garage.com/index.php/cves/from-open-redirect-to-rce-in-adas
Exploit
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:prise:adas:1.7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 86%

0.03102

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-j2rp-g369-x572

github

больше 3 лет назад

An issue was discovered in PRiSE adAS 1.7.0. An authenticated user can change the function used to hash passwords to any function, leading to remote code execution.

EPSS

Процентиль: 86%

0.03102

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-94