Описание
Due to the lack of adequately implemented access-control rules, all versions Kingspan TMS300 CS are vulnerable to an attacker viewing and modifying the application settings without authenticating by accessing a specific uniform resource locator (URL) on the webserver.
Ссылки
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:kingspan:tms300_cs_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:kingspan:tms300_cs:*:*:*:*:*:*:*:*
EPSS
Процентиль: 44%
0.00215
Низкий
9.8 Critical
CVSS3
9.1 Critical
CVSS3
Дефекты
CWE-287
CWE-287
Связанные уязвимости
CVSS3: 9.1
github
около 3 лет назад
Due to the lack of adequately implemented access-control rules, all versions Kingspan TMS300 CS are vulnerable to an attacker viewing and modifying the application settings without authenticating by accessing a specific uniform resource locator (URL) on the webserver.
EPSS
Процентиль: 44%
0.00215
Низкий
9.8 Critical
CVSS3
9.1 Critical
CVSS3
Дефекты
CWE-287
CWE-287