Description
Solstice Pod API (version 5.5, 6.2) contains an unauthenticated API endpoint (/api/config) that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without authentication.
References
- Product
- Exploit, Third Party Advisory
- Product
- Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1
All of
One of
cpe:2.3:o:mersive:solstice_pod_firmware:5.6:*:*:*:*:*:*:*
cpe:2.3:o:mersive:solstice_pod_firmware:6.2:*:*:*:*:*:*:*
cpe:2.3:h:mersive:solstice_pod:-:*:*:*:*:*:*:*
EPSS
Percentile: 20%
0.00065
Low
7.5 High
CVSS3
Weaknesses
CWE-319
Related vulnerabilities
CVSS3: 7.5
github
2 months ago
Solstice Pod API (version 5.5, 6.2) contains an unauthenticated API endpoint (`/api/config`) that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without authentication.