Описание
A vulnerability has been identified in SIPORT MP (All versions < 3.2.1). Vulnerable versions of the device could allow an authenticated attacker to impersonate other users of the system and perform (potentially administrative) actions on behalf of those users if the single sign-on feature ("Allow logon without password") is enabled.
Ссылки
- Vendor Advisory
- Third Party AdvisoryUS Government Resource
- Vendor Advisory
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1Версия до 3.2.1 (исключая)
cpe:2.3:a:siemens:siport_mp:*:*:*:*:*:*:*:*
EPSS
Процентиль: 50%
0.00268
Низкий
8.8 High
CVSS3
8.5 High
CVSS2
Дефекты
CWE-603
CWE-287
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
A vulnerability has been identified in SIPORT MP (All versions < 3.2.1). Vulnerable versions of the device could allow an authenticated attacker to impersonate other users of the system and perform (potentially administrative) actions on behalf of those users if the single sign-on feature ("Allow logon without password") is enabled.
EPSS
Процентиль: 50%
0.00268
Низкий
8.8 High
CVSS3
8.5 High
CVSS2
Дефекты
CWE-603
CWE-287