Описание
In Solstice Pod before 3.0.3, the web services allow users to connect to them over unencrypted channels via the Browser Look-in feature. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the web services and obtain any information the user supplies, including Administrator passwords and screen keys.
Ссылки
- Release NotesVendor Advisory
- ExploitThird Party Advisory
- ProductVendor Advisory
- Release NotesVendor Advisory
- ExploitThird Party Advisory
- ProductVendor Advisory
Уязвимые конфигурации
Одновременно
EPSS
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
Связанные уязвимости
In Solstice Pod before 3.0.3, the web services allow users to connect to them over unencrypted channels via the Browser Look-in feature. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the web services and obtain any information the user supplies, including Administrator passwords and screen keys.
EPSS
5.9 Medium
CVSS3
4.3 Medium
CVSS2