Описание
NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 generates predictable tokens (that depend on username, time, and the fixed 7Dl9#dj- string) and thus allows unauthenticated users with a Common Access Card (CAC) to escalate privileges and compromise any account, including administrators.
Ссылки
EPSS
Процентиль: 53%
0.00304
Низкий
7.5 High
CVSS3
Дефекты
CWE-335
Связанные уязвимости
CVSS3: 7.5
github
10 месяцев назад
NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 generates predictable tokens (that depend on username, time, and the fixed 7Dl9#dj- string) and thus allows unauthenticated users with a Common Access Card (CAC) to escalate privileges and compromise any account, including administrators.
EPSS
Процентиль: 53%
0.00304
Низкий
7.5 High
CVSS3
Дефекты
CWE-335