Описание
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on MOBILE_GET_USERS_LIST, allowing for an unauthenticated attacker to enumerate all users and their access levels
Уязвимые конфигурации
Конфигурация 1Версия до 2.04.560 (включая)
cpe:2.3:a:cs-technologies:evolution:*:*:*:*:*:*:*:*
EPSS
Процентиль: 35%
0.00146
Низкий
7.5 High
CVSS3
Дефекты
CWE-200
NVD-CWE-Other
Связанные уязвимости
CVSS3: 7.5
github
почти 2 года назад
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on MOBILE_GET_USERS_LIST, allowing for an unauthenticated attacker to enumerate all users and their access levels
EPSS
Процентиль: 35%
0.00146
Низкий
7.5 High
CVSS3
Дефекты
CWE-200
NVD-CWE-Other