Description
An issue was discovered in eteams OA v4.0.34. Because the session is not strictly checked, the account names and passwords of all employees in the company can be obtained by an ordinary account. Specifically, the attacker sends a jsessionid value for URIs under app/profile/summary/.
References
- Exploit; Third Party Advisory
- Exploit; Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:weaver:eteams_oa:4.0.34:*:*:*:*:*:*:*
EPSS
Score: 0.00266
Percentile: 50%
Low
CVSS3: 6.5 Medium
CVSS2: 4 Medium
Weaknesses
CWE-613 (Insufficient Session Expiration)
Related vulnerabilities
- Source: github; published more than 3 years ago; CVSS3: 6.5 (same description and metrics as above)