Описание
An issue was discovered in Atos Eviden iCare 2.7.1 through 2.7.11. The application exposes a web interface locally. In the worst-case scenario, if the application is remotely accessible, it allows an attacker to execute arbitrary commands with system privilege on the endpoint hosting the application, without any authentication.
EPSS
Процентиль: 31%
0.00115
Низкий
10 Critical
CVSS3
Дефекты
CWE-306
Связанные уязвимости
CVSS3: 10
github
больше 1 года назад
An issue was discovered in Atos Eviden iCare 2.7.1 through 2.7.11. The application exposes a web interface locally. In the worst-case scenario, if the application is remotely accessible, it allows an attacker to execute arbitrary commands with system privilege on the endpoint hosting the application, without any authentication.
EPSS
Процентиль: 31%
0.00115
Низкий
10 Critical
CVSS3
Дефекты
CWE-306