CVE-2022-47553

Опубликовано: 19 сент. 2023

Источник: nvd

CVSS3: 8.6

CVSS3: 7.5

EPSS Низкий

Описание

Incorrect authorisation in ekorCCP and ekorRCI, which could allow a remote attacker to obtain resources with sensitive information for the organisation, without being authenticated within the web server.

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products
Third Party Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:ormazabal:ekorrci_firmware:601j:*:*:*:*:*:*:*

cpe:2.3:h:ormazabal:ekorrci:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:ormazabal:ekorccp_firmware:601j:*:*:*:*:*:*:*

cpe:2.3:h:ormazabal:ekorccp:-:*:*:*:*:*:*:*

EPSS

Процентиль: 30%

0.00115

Низкий

8.6 High

CVSS3

7.5 High

CVSS3

Дефекты

CWE-285

CWE-863

Связанные уязвимости

GHSA-5c9g-8r99-23rp

CVSS3: 8.6

github

больше 2 лет назад

** UNSUPPPORTED WHEN ASSIGNED ** Incorrect authorisation in ekorCCP and ekorRCI, which could allow a remote attacker to obtain resources with sensitive information for the organisation, without being authenticated within the web server.

EPSS

Процентиль: 30%

0.00115

Низкий

8.6 High

CVSS3

7.5 High

CVSS3

Дефекты

CWE-285

CWE-863