Описание
A user with high privilege access to the Incapptic Connect web console can remotely execute code on the Incapptic Connect server using a unspecified attack vector in Incapptic Connect version 1.40.0, 1.39.1, 1.39.0, 1.38.1, 1.38.0, 1.37.1, 1.37.0, 1.36.0, 1.35.5, 1.35.4 and 1.35.3.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ivanti:incapptic_connect:1.35.3:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:incapptic_connect:1.35.4:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:incapptic_connect:1.35.5:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:incapptic_connect:1.36.0:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:incapptic_connect:1.37.0:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:incapptic_connect:1.37.1:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:incapptic_connect:1.38.0:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:incapptic_connect:1.38.1:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:incapptic_connect:1.39.0:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:incapptic_connect:1.39.1:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:incapptic_connect:1.40.0:*:*:*:*:*:*:*
EPSS
Процентиль: 94%
0.15382
Средний
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-502
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 7.2
github
почти 4 года назад
A user with high privilege access to the Incapptic Connect web console can remotely execute code on the Incapptic Connect server using a unspecified attack vector in Incapptic Connect version 1.40.0, 1.39.1, 1.39.0, 1.38.1, 1.38.0, 1.37.1, 1.37.0, 1.36.0, 1.35.5, 1.35.4 and 1.35.3.
EPSS
Процентиль: 94%
0.15382
Средний
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-502
NVD-CWE-noinfo