Описание
ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control in the MailConfiguration API endpoint, where users with operator-level privileges can issue an HTTP request to retrieve SMTP credentials, including plaintext passwords.
EPSS
Процентиль: 10%
0.00034
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-284
Связанные уязвимости
CVSS3: 5.4
github
6 месяцев назад
ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control in the MailConfiguration API endpoint, where users with operator-level privileges can issue an HTTP request to retrieve SMTP credentials, including plaintext passwords.
EPSS
Процентиль: 10%
0.00034
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-284