Описание
An issue was discovered by IPVM team in Network Optix NxCloud before 23.1.0.40440. It was possible to add a fake VMS server to NxCloud by using the exact identification of a legitimate VMS server. As result, it was possible to retrieve authorization headers from legitimate users when the legitimate client connects to the fake VMS server.
Уязвимые конфигурации
Конфигурация 1Версия до 23.1.0.40440 (исключая)
cpe:2.3:a:networkoptix:nxcloud:*:*:*:*:*:*:*:*
EPSS
Процентиль: 37%
0.00163
Низкий
8.3 High
CVSS3
8.1 High
CVSS3
Дефекты
CWE-290
CWE-290
Связанные уязвимости
CVSS3: 8.3
github
около 2 лет назад
An issue was discovered in Network Optix NxCloud before 23.1.0.40440. It was possible to add a fake VMS server to NxCloud by using the exact identification of a legitimate VMS server. As result, it was possible to retrieve authorization headers from legitimate users when the legitimate client connects to the fake VMS server.
EPSS
Процентиль: 37%
0.00163
Низкий
8.3 High
CVSS3
8.1 High
CVSS3
Дефекты
CWE-290
CWE-290