exploitDog

CVE-2024-38287

Опубликовано: 25 июл. 2024

Источник: nvd

CVSS3: 9.8

CVSS3: 9.1

EPSS Низкий

Описание

The password-reset mechanism in the Forgot Password functionality in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to force the application into resetting the administrator's password to a random insecure 8-digit value.

Ссылки

https://github.com/google/security-research/security/advisories/GHSA-c84v-4pjw-4mh2
Third Party Advisory
https://www.rhubcom.com/v5/manuals.html
Product
https://github.com/google/security-research/security/advisories/GHSA-c84v-4pjw-4mh2
Third Party Advisory
https://www.rhubcom.com/v5/manuals.html
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:rhubcom:turbomeeting:*:*:*:*:*:*:*:*

Версия до 8.0 (исключая)

EPSS

Процентиль: 78%

0.01136

Низкий

9.8 Critical

CVSS3

9.1 Critical

CVSS3

Дефекты

CWE-640

CWE-640

EPSS

Процентиль: 78%

0.01136

Низкий

9.8 Critical

CVSS3

9.1 Critical

CVSS3

Дефекты

CWE-640

CWE-640