Описание
4MOSAn GCB Doctor’s login page has improper validation of Cookie, which allows an unauthenticated remote attacker to bypass authentication by code injection in cookie, and arbitrarily manipulate the system or interrupt services by upload and execution of arbitrary files.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 20210708 (включая)
cpe:2.3:a:4mosan:gcb_doctor:*:*:*:*:*:*:*:*
EPSS
Процентиль: 74%
0.00811
Низкий
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-285
CWE-287
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
4MOSAn GCB Doctor’s login page has improper validation of Cookie, which allows an unauthenticated remote attacker to bypass authentication by code injection in cookie, and arbitrarily manipulate the system or interrupt services by upload and execution of arbitrary files.
EPSS
Процентиль: 74%
0.00811
Низкий
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-285
CWE-287