Description
An issue discovered in SELESTA Visual Access Manager 4.38.6 allows attackers to modify the “computer” POST parameter related to the ID of a specific reception by POST HTTP request interception. By iterating that parameter, it has been possible to access the application and take control of many other receptions in addition to the assigned one.
References
- Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:seling:visual_access_manager:4.38.6:*:*:*:*:*:*:*
EPSS
Percentile: 15%
0.00049
Low
6.5 Medium
CVSS3
Weaknesses
NVD-CWE-noinfo
CWE-444
Related vulnerabilities
CVSS3: 6.5
github
almost 2 years ago
An issue discovered in SELESTA Visual Access Manager 4.38.6 allows attackers to modify the “computer” POST parameter related to the ID of a specific reception by POST HTTP request interception. By iterating that parameter, it has been possible to access the application and take control of many other receptions in addition to the assigned one.