exploitDog

CVE-2022-35898

Опубликовано: 01 мая 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

OpenText BizManager before 16.6.0.1 does not perform proper validation during the change-password operation. This allows any authenticated user to change the password of any other user, including the Administrator account.

Ссылки

https://businessnetwork.opentext.com/b2b-gateway/
Product
https://hackandpwn.com/disclosures/CVE-2022-35898.pdf
Third Party Advisory
https://businessnetwork.opentext.com/b2b-gateway/
Product
https://hackandpwn.com/disclosures/CVE-2022-35898.pdf
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:opentext:bizmanager:*:*:*:*:*:*:*:*

Версия до 16.6.0.1 (исключая)

EPSS

Процентиль: 30%

0.00112

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-287

CWE-295

Связанные уязвимости

GHSA-9q8p-c2mj-7c5v

CVSS3: 9.8

github

почти 3 года назад

OpenText BizManager before 16.6.0.1 does not perform proper validation during the change-password operation. This allows any authenticated user to change the password of any other user, including the Administrator account.

EPSS

Процентиль: 30%

0.00112

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-287

CWE-295