Описание
A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} allows a low privileged user to fetch, modify or delete the services of any user (including admin). This results in unauthorized access and unauthorized data manipulation.
Уязвимые конфигурации
Конфигурация 1Версия до 1.5.0 (исключая)
cpe:2.3:a:easyappointments:easyappointments:*:*:*:*:*:*:*:*
EPSS
Процентиль: 39%
0.00173
Низкий
9.6 Critical
CVSS3
8.1 High
CVSS3
Дефекты
CWE-639
CWE-639
Связанные уязвимости
CVSS3: 9.6
github
больше 1 года назад
A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} allows a low privileged user to fetch, modify or delete the services of any user (including admin). This results in unauthorized access and unauthorized data manipulation.
EPSS
Процентиль: 39%
0.00173
Низкий
9.6 Critical
CVSS3
8.1 High
CVSS3
Дефекты
CWE-639
CWE-639