exploitDog

CVE-2022-23858

Опубликовано: 24 янв. 2022

Источник: nvd

CVSS3: 8.8

CVSS2: 9

EPSS Низкий

Описание

A flaw was found in the REST API. An improperly handled REST API call could allow any logged user to elevate privileges up to the system account. This affects StarWind Command Center build 6003 v2.

Ссылки

https://www.starwindsoftware.com/security/sw-20220121-0001/
Vendor Advisory
https://www.starwindsoftware.com/security/sw-20220121-0001/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:starwindsoftware:command_center:2:build_6003:*:*:*:*:*:*

EPSS

Процентиль: 68%

0.00557

Низкий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-2gfj-wm5m-4vc3

CVSS3: 8.8

github

около 4 лет назад

In StarWind Command Center before V2 build 6021, an authenticated read-only user can elevate privileges to administrator through the REST API.

EPSS

Процентиль: 68%

0.00557

Низкий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

NVD-CWE-noinfo