Описание
In ExtremeCloud Universal ZTNA, a syntax error in the 'searchKeyword' condition caused queries to bypass the owner_id filter. This issue may allow users to search data across the entire table instead of being restricted to their specific owner_id.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 25.2.0 (исключая)
Одно из
cpe:2.3:a:extremenetworks:extremecloud_universal_ztna:*:*:*:*:*:*:*:*
cpe:2.3:a:extremenetworks:extremecloud_universal_ztna:25.2.0:-:*:*:*:*:*:*
EPSS
Процентиль: 13%
0.00042
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-287
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 4.3
github
8 месяцев назад
In ExtremeCloud Universal ZTNA, a syntax error in the 'searchKeyword' condition caused queries to bypass the owner_id filter. This issue may allow users to search data across the entire table instead of being restricted to their specfic owenr_id.
EPSS
Процентиль: 13%
0.00042
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-287
NVD-CWE-noinfo