exploitDog

CVE-2020-13877

Опубликовано: 12 нояб. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

SQL Injection issues in various ASPX pages of ResourceXpress Meeting Monitor 4.9 could lead to remote code execution and information disclosure.

Ссылки

https://resourcexpress.atlassian.net/wiki/spaces/RSG/pages/807698439/v1.8+HF+1+2+3+OnPrem+v5.3
Release Notes
Vendor Advisory
https://www.resourcexpress.com/news/
Vendor Advisory
https://resourcexpress.atlassian.net/wiki/spaces/RSG/pages/807698439/v1.8+HF+1+2+3+OnPrem+v5.3
Release Notes
Vendor Advisory
https://www.resourcexpress.com/news/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:resourcexpress:meeting_monitor:4.9:*:*:*:*:*:*:*

EPSS

Процентиль: 84%

0.02153

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-5m2f-38x2-jc6h

github

больше 3 лет назад

SQL Injection issues in various ASPX pages of ResourceXpress Meeting Monitor 4.9 could lead to remote code execution and information disclosure.

EPSS

Процентиль: 84%

0.02153

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89