CVE-2022-38577

Опубликовано: 19 сент. 2022

Источник: nvd

CVSS3: 8.8

EPSS Средний

Описание

ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows attackers to escalate normal users to Administrators.

Ссылки

http://packetstormsecurity.com/files/168427/ProcessMaker-Privilege-Escalation.html
Exploit
Third Party Advisory
VDB Entry
http://processmaker.com
Product
https://drive.google.com/file/d/1iP9NYUkYEy_FGMpcnTkUWn8nGcqDT02_/view?usp=sharing
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/168427/ProcessMaker-Privilege-Escalation.html
Exploit
Third Party Advisory
VDB Entry
http://processmaker.com
Product
https://drive.google.com/file/d/1iP9NYUkYEy_FGMpcnTkUWn8nGcqDT02_/view?usp=sharing
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:processmaker:processmaker:*:*:*:*:*:*:*:*

Версия до 3.5.4 (исключая)

EPSS

Процентиль: 94%

0.13435

Средний

8.8 High

CVSS3

Дефекты

CWE-281

Связанные уязвимости

GHSA-gc28-55g9-f45f