Описание
EIC e-document system does not perform completed identity verification for sorting and filtering personnel data. The vulnerability allows remote attacker to obtain users’ credential information without logging in the system, and further acquire the privileged permissions and execute arbitrary commends.
Ссылки
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:eic:e-document_system:2.9:*:*:*:*:*:*:*
cpe:2.3:a:eic:e-document_system:3.0.2:*:*:*:*:*:*:*
EPSS
Процентиль: 75%
0.00914
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-287
Связанные уязвимости
github
больше 3 лет назад
EIC e-document system does not perform completed identity verification for sorting and filtering personnel data. The vulnerability allows remote attacker to obtain users’ credential information without logging in the system, and further acquire the privileged permissions and execute arbitrary commends.
EPSS
Процентиль: 75%
0.00914
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-287