exploitDog

CVE-2023-25780

Опубликовано: 02 июн. 2023

Источник: nvd

CVSS3: 5.7

EPSS Низкий

Описание

It is identified a vulnerability of insufficient authentication in an important specific function of Status PowerBPM. A LAN attacker with normal user privilege can exploit this vulnerability to modify substitute agent to arbitrary users, resulting in serious consequence.

Ссылки

https://www.twcert.org.tw/tw/cp-132-7152-d7f5b-1.html
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-7152-d7f5b-1.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:status:powerbpm:2.0:*:*:*:*:*:*:*

EPSS

Процентиль: 8%

0.0003

Низкий

5.7 Medium

CVSS3

Дефекты

CWE-306

Связанные уязвимости

GHSA-9c79-wfjr-5h4j

CVSS3: 5.7

github

больше 2 лет назад

It is identified a vulnerability of insufficient authentication in an important specific function of Status PowerBPM. A LAN attacker with normal user privilege can exploit this vulnerability to modify substitute agent to arbitrary users, resulting in serious consequence.

EPSS

Процентиль: 8%

0.0003

Низкий

5.7 Medium

CVSS3

Дефекты

CWE-306