Описание
Eibiz i-Media Server Digital Signage 3.8.0 contains an unauthenticated privilege escalation vulnerability in the updateUser object that allows attackers to modify user roles. Attackers can exploit the /messagebroker/amf endpoint to elevate privileges and take over user accounts by manipulating role settings without authentication.
Ссылки
- Broken Link
- ExploitThird Party AdvisoryVDB Entry
- Third Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:eibiz:i-media_server_digital_signage:3.8.0:*:*:*:*:*:*:*
EPSS
Процентиль: 65%
0.0049
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-306
Связанные уязвимости
CVSS3: 9.8
github
около 2 месяцев назад
Eibiz i-Media Server Digital Signage 3.8.0 contains an unauthenticated privilege escalation vulnerability in the updateUser object that allows attackers to modify user roles. Attackers can exploit the /messagebroker/amf endpoint to elevate privileges and take over user accounts by manipulating role settings without authentication.
EPSS
Процентиль: 65%
0.0049
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-306