Описание
Pexip Infinity 15.0 through 38.0 before 38.1 has Improper Access Control in the Secure Scheduler for Exchange service, when used with Office 365 Legacy Exchange Tokens. This allows a remote attacker to read potentially sensitive data and excessively consume resources, leading to a denial of service.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 15 (включая) до 38.1 (исключая)
cpe:2.3:a:pexip:pexip_infinity:*:*:*:*:*:*:*:*
EPSS
Процентиль: 34%
0.00136
Низкий
8.2 High
CVSS3
9.1 Critical
CVSS3
Дефекты
CWE-863
Связанные уязвимости
CVSS3: 8.2
github
около 1 месяца назад
Pexip Infinity 15.0 through 38.0 before 38.1 has Improper Access Control in the Secure Scheduler for Exchange service, when used with Office 365 Legacy Exchange Tokens. This allows a remote attacker to read potentially sensitive data and excessively consume resources, leading to a denial of service.
EPSS
Процентиль: 34%
0.00136
Низкий
8.2 High
CVSS3
9.1 Critical
CVSS3
Дефекты
CWE-863