CVE-2021-36723

MEDIUM

6.1

Beschreibung

Emuse - eServices / eNvoice Exposure Of Private Personal Information due to lack of identification mechanisms and predictable IDs an attacker can scrape all the files on the service.

CVE Details

CVSS v3.1 Bewertung6.1

SchweregradMEDIUM

CVSS VektorCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

AngriffsvektorLOCAL

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionREQUIRED

Veroffentlicht12/29/2021

Zuletzt geandert11/21/2024

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

emuse_-_eservices_\/_envoice_project:emuse_-_eservices_\/_envoice

Schwachen (CWE)

CWE-359CWE-200

Referenzen

https://www.gov.il/en/departments/faq/cve_advisories(cna@cyber.gov.il)

https://www.gov.il/en/departments/faq/cve_advisories(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.