exploitDog

CVE-2022-40319

Опубликовано: 17 янв. 2023

Источник: nvd

CVSS3: 7.5

EPSS Средний

Описание

The LISTSERV 17 web interface allows remote attackers to conduct Insecure Direct Object References (IDOR) attacks via a modified email address in a wa.exe URL. The impact is unauthorized modification of a victim's LISTSERV account.

Ссылки

https://packetstormsecurity.com/2301-exploits/listserv17-idor.txt
Third Party Advisory
VDB Entry
https://peach.ease.lsoft.com/scripts/wa-PEACH.exe?A0=LSTSRV-L
Vendor Advisory
https://packetstormsecurity.com/2301-exploits/listserv17-idor.txt
Third Party Advisory
VDB Entry
https://peach.ease.lsoft.com/scripts/wa-PEACH.exe?A0=LSTSRV-L
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:lsoft:listserv:17.0:*:*:*:*:*:*:*

EPSS

Процентиль: 96%

0.26015

Средний

7.5 High

CVSS3

Дефекты

CWE-639

CWE-639

Связанные уязвимости

GHSA-mf9g-q8q5-vfm5

CVSS3: 7.5

github

около 3 лет назад

The LISTSERV 17 web interface allows remote attackers to conduct Insecure Direct Object References (IDOR) attacks via a modified email address in a wa.exe URL. The impact is unauthorized modification of a victim's LISTSERV account.

EPSS

Процентиль: 96%

0.26015

Средний

7.5 High

CVSS3

Дефекты

CWE-639

CWE-639