Количество 2
Количество 2
CVE-2019-12837
The Java API in accesuniversitat.gencat.cat 1.7.5 allows remote attackers to get personal information of all registered students via several API endpoints.
GHSA-84qr-xgvg-w6h2
The Java API in Generalitat de Catalunya accesuniversitat.gencat.cat 1.7.5 allows remote attackers to get personal information of all registered students via several API endpoints, given that the attacker is authenticated as a student: 1) https://accesuniversitat.gencat.cat/accesuniversitat/accesuniversitat-rs/AppJava/api/v1/estudiants/{student_id}/ 2) https://accesuniversitat.gencat.cat/accesuniversitat/accesuniversitat-rs/AppJava/api/v1/estudiants/?page={page}.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2019-12837 The Java API in accesuniversitat.gencat.cat 1.7.5 allows remote attackers to get personal information of all registered students via several API endpoints. | CVSS3: 4.3 | 0% Низкий | около 6 лет назад |
| GHSA-84qr-xgvg-w6h2 The Java API in Generalitat de Catalunya accesuniversitat.gencat.cat 1.7.5 allows remote attackers to get personal information of all registered students via several API endpoints, given that the attacker is authenticated as a student: 1) https://accesuniversitat.gencat.cat/accesuniversitat/accesuniversitat-rs/AppJava/api/v1/estudiants/{student_id}/ 2) https://accesuniversitat.gencat.cat/accesuniversitat/accesuniversitat-rs/AppJava/api/v1/estudiants/?page={page}. | CVSS3: 4.3 | 0% Низкий | больше 3 лет назад |
Уязвимостей на страницу