Описание
Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication.
Note:
This issue is a result of missing checks for services that require an active session.
Ссылки
- ExploitThird Party Advisory
- Patch
- Patch
- ExploitIssue TrackingThird Party Advisory
- Patch
- ProductRelease Notes
- ExploitPatchThird Party Advisory
- ExploitThird Party Advisory
- Patch
- Patch
- ExploitIssue TrackingThird Party Advisory
- Patch
- ProductRelease Notes
- ExploitPatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.9.96 (исключая)
cpe:2.3:a:freeopcua:opcua-asyncio:*:*:*:*:*:python:*:*
EPSS
Процентиль: 38%
0.00161
Низкий
6.5 Medium
CVSS3
7.5 High
CVSS3
Дефекты
CWE-287
CWE-287
Связанные уязвимости
CVSS3: 6.5
ubuntu
около 2 лет назад
Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication. **Note:** This issue is a result of missing checks for services that require an active session.
EPSS
Процентиль: 38%
0.00161
Низкий
6.5 Medium
CVSS3
7.5 High
CVSS3
Дефекты
CWE-287
CWE-287