Описание
Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an attacker in the ability to execute sensitive functions without credentials.
Ссылки
- Release NotesVendor Advisory
- Release NotesVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 18 (исключая)
cpe:2.3:a:teradici:cloud_access_connector:*:*:*:*:*:*:*:*
EPSS
Процентиль: 46%
0.00231
Низкий
6.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-288
CWE-287
Связанные уязвимости
github
больше 3 лет назад
Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an attacker in the ability to execute sensitive functions without credentials.
EPSS
Процентиль: 46%
0.00231
Низкий
6.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-288
CWE-287