exploitDog

CVE-2026-22230

Опубликовано: 08 янв. 2026

Источник: nvd

CVSS3: 7.6

EPSS Низкий

Описание

OPEXUS eCASE Audit allows an authenticated attacker to modify client-side JavaScript or craft HTTP requests to access functions or buttons that have been disabled or blocked by an administrator. Fixed in eCASE Platform 11.14.1.0.

Ссылки

https://docs.opexustech.com/docs/eCase/11.14.X/eCASE_Release_Notes_11.14.1.0.pdf
Release Notes
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-26-008-01.json
Broken Link
https://www.cve.org/CVERecord?id=CVE-2026-22230
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:opexustech:ecase_audit:*:*:*:*:*:*:*:*

Версия до 11.14.1.0 (исключая)

EPSS

Процентиль: 12%

0.0004

Низкий

7.6 High

CVSS3

Дефекты

CWE-863

Связанные уязвимости

GHSA-mc6v-g8qv-fwmp

CVSS3: 7.6

github

30 дней назад

OPEXUS eCASE Audit allows an authenticated attacker to modify client-side JavaScript or craft HTTP requests to access functions or buttons that have been disabled or blocked by an administrator. Fixed in eCASE Platform 11.14.1.0.

EPSS

Процентиль: 12%

0.0004

Низкий

7.6 High

CVSS3

Дефекты

CWE-863