Описание
IBM Concert Software 1.0.0 through 1.1.0 uses cross-origin resource sharing (CORS) which could allow an attacker to carry out privileged actions as the domain name is not being limited to only trusted domains.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 1.0.0 (включая) до 2.0.0 (исключая)
cpe:2.3:a:ibm:concert:*:*:*:*:*:*:*:*
EPSS
Процентиль: 7%
0.0003
Низкий
5.4 Medium
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-942
CWE-697
Связанные уязвимости
CVSS3: 5.4
github
8 дней назад
IBM Concert Software 1.0.0 through 1.1.0 uses cross-origin resource sharing (CORS) which could allow an attacker to carry out privileged actions as the domain name is not being limited to only trusted domains.
EPSS
Процентиль: 7%
0.0003
Низкий
5.4 Medium
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-942
CWE-697