Описание
Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Bypass 2FA via APIs. For Controlpanel Lite. "After login we are directly able to use the bearer token or jsession ID to access the apis instead of entering the 2FA code. Thus, leading to bypass of 2FA on API level.
Ссылки
- Product
- Product
Уязвимые конфигурации
Конфигурация 1Версия от 2.5.95 (включая) до 3.2.57 (исключая)
cpe:2.3:a:shopbeat:shop_beat_media_player:*:*:*:*:*:*:arm:*
EPSS
Процентиль: 10%
0.00035
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-288
CWE-306
Связанные уязвимости
CVSS3: 5.4
github
больше 2 лет назад
Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Bypass 2FA via APIs. For Controlpanel Lite. "After login we are directly able to use the bearer token or jsession ID to access the apis instead of entering the 2FA code. Thus, leading to bypass of 2FA on API level.
EPSS
Процентиль: 10%
0.00035
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-288
CWE-306