Описание
Authorization bypass in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an logged in attacker to change other users' email address and potentialy take over their accounts using the forgot password functionality.
Ссылки
- ExploitIssue TrackingThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.5.2 (включая)Версия от 6.0.0 (включая) до 6.0.1 (включая)
Одно из
cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*
cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*
EPSS
Процентиль: 5%
0.00021
Низкий
8.8 High
CVSS3
Дефекты
CWE-284
Связанные уязвимости
CVSS3: 8.8
github
3 месяца назад
Authorization bypass in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an logged in attacker to change other users' email address and potentialy take over their accounts using the forgot password functionality.
EPSS
Процентиль: 5%
0.00021
Низкий
8.8 High
CVSS3
Дефекты
CWE-284