Description
The “Study Edit” function of ShinHer StudyOnline System does not perform permission control. After logging in with user’s privilege, remote attackers can access and edit other users’ tutorial schedule by crafting URL parameters.
References
- Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:xinheinformation:xinhe_teaching_platform_system:v2021:*:*:*:*:*:*:*
EPSS: 0.00122 (Low), percentile: 32%
CVSS3: 5.4 Medium
CVSS2: 5.5 Medium
Weaknesses
CWE-285
CWE-862
Related vulnerabilities
CVSS3: 5.4
github
more than 3 years ago
The “Study Edit” function of ShinHer StudyOnline System does not perform permission control. After logging in with user’s privilege, remote attackers can access and edit other users’ tutorial schedule by crafting URL parameters.