Описание
The backup ZIPs are not signed by the application, leading to the possibility that an attacker can download a backup ZIP, modify and re-upload it. This allows the attacker to disrupt the application by configuring the services in a way that they are unable to run, making the application unusable. They can redirect traffic that is meant to be internal to their own hosted services and gathering information.
Ссылки
- Broken Link
- Vendor Advisory
- US Government Resource
- Not Applicable
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
EPSS
8.8 High
CVSS3
9.8 Critical
CVSS3
Дефекты
Связанные уязвимости
The backup ZIPs are not signed by the application, leading to the possibility that an attacker can download a backup ZIP, modify and re-upload it. This allows the attacker to disrupt the application by configuring the services in a way that they are unable to run, making the application unusable. They can redirect traffic that is meant to be internal to their own hosted services and gathering information.
EPSS
8.8 High
CVSS3
9.8 Critical
CVSS3