Описание
ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce the victim server to disclose the username and password hash of the user executing the ACEweb Online software.
Ссылки
- Product
- Product
- Release NotesVendor Advisory
- Product
- Product
- Release NotesVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.5.065 (исключая)
cpe:2.3:a:aceware:aceweb_online_portal:*:*:*:*:*:*:*:*
EPSS
Процентиль: 59%
0.00387
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-434
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce the victim server to disclose the username and password hash of the user executing the ACEweb Online software.
EPSS
Процентиль: 59%
0.00387
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-434