CVE-2022-44013

Опубликовано: 25 дек. 2022

Источник: nvd

CVSS3: 9.1

EPSS Низкий

Описание

An issue was discovered in Simmeth Lieferantenmanager before 5.6. An attacker can make various API calls without authentication because the password in a Credential Object is not checked.

Ссылки

https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-simmeth-system-gmbh-lieferantenmanager/
Exploit
Third Party Advisory
https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-simmeth-system-gmbh-lieferantenmanager/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:simmeth:lieferantenmanager:*:*:*:*:*:*:*:*

Версия до 5.6 (исключая)

EPSS

Процентиль: 54%

0.00311

Низкий

9.1 Critical

CVSS3

Дефекты

CWE-306

Связанные уязвимости

GHSA-6gpj-r895-3gxv