Описание
An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to export the appliance configuration, exposing sensitive information.
Ссылки
- ExploitThird Party Advisory
- Release Notes
Уязвимые конфигурации
Конфигурация 1Версия до 1.8.0 (включая)
cpe:2.3:a:xorux:xormon:*:*:*:*:*:*:*:*
EPSS
Процентиль: 16%
0.00052
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-648
Связанные уязвимости
CVSS3: 5.3
github
6 месяцев назад
An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to export the appliance configuration, exposing sensitive information.
EPSS
Процентиль: 16%
0.00052
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-648