Описание
Eibiz i-Media Server Digital Signage 3.8.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through AMF-encoded object manipulation. Attackers can send crafted serialized objects to the /messagebroker/amf endpoint to create administrative users without authentication, bypassing security controls.
Ссылки
- Broken Link
- ExploitThird Party AdvisoryVDB Entry
- Third Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:eibiz:i-media_server_digital_signage:3.8.0:*:*:*:*:*:*:*
EPSS
Процентиль: 67%
0.00552
Низкий
7.5 High
CVSS3
Дефекты
CWE-306
Связанные уязвимости
CVSS3: 7.5
github
около 2 месяцев назад
Eibiz i-Media Server Digital Signage 3.8.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through AMF-encoded object manipulation. Attackers can send crafted serialized objects to the /messagebroker/amf endpoint to create administrative users without authentication, bypassing security controls.
EPSS
Процентиль: 67%
0.00552
Низкий
7.5 High
CVSS3
Дефекты
CWE-306