CVE-2023-6554

Опубликовано: 11 янв. 2024

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

When access to the "admin" folder is not protected by some external authorization mechanisms e.g. Apache Basic Auth, it is possible for any user to download protected information like exam answers.

Ссылки

https://cert.pl/en/posts/2024/01/CVE-2023-6554/
Third Party Advisory
https://cert.pl/posts/2024/01/CVE-2023-6554/
Third Party Advisory
https://tcexam.org/
Product
https://cert.pl/en/posts/2024/01/CVE-2023-6554/
Third Party Advisory
https://cert.pl/posts/2024/01/CVE-2023-6554/
Third Party Advisory
https://tcexam.org/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tecnick:tcexam:*:*:*:*:*:*:*:*

Версия до 15.1.0 (исключая)

EPSS

Процентиль: 40%

0.00184

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-862

Связанные уязвимости

GHSA-gwgh-999f-h6wf