Описание
An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application accepts a set of user-controlled parameters that are used to act on the data returned to the user. It allows a basic user to access data unrelated to their role.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:archibus:archibus_web_central:2022.03.01.107:*:*:*:*:*:*:*
EPSS
Процентиль: 42%
0.00196
Низкий
6.5 Medium
CVSS3
4.3 Medium
CVSS3
Дефекты
NVD-CWE-Other
CWE-284
Связанные уязвимости
CVSS3: 4.3
github
около 3 лет назад
An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application accepts a set of user-controlled parameters that are used to act on the data returned to the user. It allows a basic user to access data unrelated to their role.
EPSS
Процентиль: 42%
0.00196
Низкий
6.5 Medium
CVSS3
4.3 Medium
CVSS3
Дефекты
NVD-CWE-Other
CWE-284