Описание
Due to an issue in configuration, code that was intended for debugging purposes was included in the market release of the ASPECT FW allowing an attacker to bypass authentication. This vulnerability may allow an attacker to change the system time, access files, and make function calls without prior authentication. This issue affects all versions of ASPECT prior to 3.08.04-s01
EPSS
Процентиль: 23%
0.00079
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-288
Связанные уязвимости
CVSS3: 7
github
6 месяцев назад
Improper Control of Generation of Code ('Code Injection') vulnerability in ABB ASPECT.This issue affects ASPECT: before <3.08.04-s01.
EPSS
Процентиль: 23%
0.00079
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-288