exploitDog

CVE-2021-26705

Опубликовано: 05 мар. 2021

Источник: nvd

CVSS3: 9.1

CVSS2: 6.4

EPSS Низкий

Описание

An issue was discovered in SquareBox CatDV Server through 9.2. An attacker can invoke sensitive RMI methods such as getConnections without authentication, the results of which can be used to generate valid authentication tokens. These tokens can then be used to invoke administrative tasks within the application, such as disclosing password hashes.

Ссылки

https://www.exploit-db.com/exploits/49621
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/49621
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:squarebox:catdv:*:*:*:*:*:*:*:*

Версия до 9.2 (включая)

EPSS

Процентиль: 65%

0.0048

Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-306

Связанные уязвимости

GHSA-h5qv-vx75-7rx9

github

больше 3 лет назад

An issue was discovered in SquareBox CatDV Server through 9.2. An attacker can invoke sensitive RMI methods such as getConnections without authentication, the results of which can be used to generate valid authentication tokens. These tokens can then be used to invoke administrative tasks within the application, such as disclosing password hashes.

EPSS

Процентиль: 65%

0.0048

Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-306