Описание
Escalation of privileges in EnergyCAP 7 through 7.5.6 allows an attacker to access data. If an unauthenticated user clicks on a link on the public dashboard, the resource opens in EnergyCAP with access rights matching the user who created the dashboard.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 7.0.0 (включая) до 7.5.6 (включая)
cpe:2.3:a:energycap:energycap:*:*:*:*:*:*:*:*
EPSS
Процентиль: 64%
0.00473
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-269
Связанные уязвимости
github
больше 3 лет назад
Escalation of privileges in EnergyCAP 7 through 7.5.6 allows an attacker to access data. If an unauthenticated user clicks on a link on the public dashboard, the resource opens in EnergyCAP with access rights matching the user who created the dashboard.
EPSS
Процентиль: 64%
0.00473
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-269