exploitDog

CVE-2023-33291

Опубликовано: 28 мая 2023

Источник: nvd

CVSS3: 7.4

EPSS Низкий

Описание

In ebankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow generation of OTP messages to any e-mail address or phone number without validation. (It cannot be exploited with e-mail addresses or phone numbers that are registered in the application.)

Ссылки

http://packetstormsecurity.com/files/172476/eBankIT-6-Arbitrary-OTP-Generation.html
Third Party Advisory
VDB Entry
https://www.ebankit.com/digital-banking-platform
Product
http://packetstormsecurity.com/files/172476/eBankIT-6-Arbitrary-OTP-Generation.html
Third Party Advisory
VDB Entry
https://www.ebankit.com/digital-banking-platform
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ebankit:ebankit:6:*:*:*:*:*:*:*

EPSS

Процентиль: 20%

0.00063

Низкий

7.4 High

CVSS3

Дефекты

CWE-276

CWE-276

Связанные уязвимости

GHSA-8rvv-m62r-89wp

CVSS3: 7.4

github

больше 2 лет назад

In ebankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow generation of OTP messages to any e-mail address or phone number without validation. (It cannot be exploited with e-mail addresses or phone numbers that are registered in the application.)

EPSS

Процентиль: 20%

0.00063

Низкий

7.4 High

CVSS3

Дефекты

CWE-276

CWE-276