Описание
Incorrect access control in the runReport function of MyQ Solution Print Server before 8.2 Patch 32 and Central Server before 8.2 Patch 22 allows users who do not have appropriate access rights to generate internal reports using a direct URL.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 8.2 (исключая)Версия до 8.2 (исключая)
Одно из
cpe:2.3:a:myq-solution:central_server:*:*:*:*:*:*:*:*
cpe:2.3:a:myq-solution:central_server:8.2:-:*:*:*:*:*:*
cpe:2.3:a:myq-solution:print_server:*:*:*:*:*:*:*:*
cpe:2.3:a:myq-solution:print_server:8.2:-:*:*:*:*:*:*
EPSS
Процентиль: 70%
0.0063
Низкий
8.8 High
CVSS3
Дефекты
CWE-863
CWE-863
Связанные уязвимости
CVSS3: 8.8
github
почти 3 года назад
Incorrect access control in the runReport function of MyQ Solution Print Server before 8.2 Patch 32 and Central Server before 8.2 Patch 22 allows users who do not have appropriate access rights to generate internal reports using a direct URL.
EPSS
Процентиль: 70%
0.0063
Низкий
8.8 High
CVSS3
Дефекты
CWE-863
CWE-863