Описание
An insecure random number generation vulnerability in BlaB! AX, BlaB! AX Pro, BlaB! WS (client), and BlaB! WS Pro (client) version 19.11 allows an attacker (with a guest or user session cookie) to escalate privileges by retrieving the cookie salt value and creating a valid session cookie for an arbitrary user or admin.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:justblab:blab\!_ax:19.11:*:*:*:*:*:*:*
cpe:2.3:a:justblab:blab\!_ax_pro:19.11:*:*:*:*:*:*:*
cpe:2.3:a:justblab:blab\!_ws:19.11:*:*:*:*:*:*:*
cpe:2.3:a:justblab:blab\!_ws_pro:19.11:*:*:*:*:*:*:*
EPSS
Процентиль: 66%
0.00525
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-330
Связанные уязвимости
github
больше 3 лет назад
An insecure random number generation vulnerability in BlaB! AX, BlaB! AX Pro, BlaB! WS (client), and BlaB! WS Pro (client) version 19.11 allows an attacker (with a guest or user session cookie) to escalate privileges by retrieving the cookie salt value and creating a valid session cookie for an arbitrary user or admin.
EPSS
Процентиль: 66%
0.00525
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-330