Описание
Incorrect access control in the AdHoc User creation form of EMSigner v2.8.7 allows unauthenticated attackers to arbitrarily modify usernames and privileges by using the email address of a registered user.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:emsigner:emsigner:2.8.7:*:*:*:*:*:*:*
EPSS
Процентиль: 42%
0.00201
Низкий
5.9 Medium
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-284
Связанные уязвимости
CVSS3: 5.9
github
около 2 лет назад
Incorrect access control in the AdHoc User creation form of EMSigner v2.8.7 allows unauthenticated attackers to arbitrarily modify usernames and privileges by using the email address of a registered user.
EPSS
Процентиль: 42%
0.00201
Низкий
5.9 Medium
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-284