← Voltar para CVEs
CVE-2021-42337
MEDIUM4.3
Descricao
The permission control of AIFU cashier management salary query function can be bypassed, thus after obtaining general user’s permission, the remote attacker can access account information except passwords by crafting URL parameters.
Detalhes CVE
Pontuacao CVSS v3.14.3
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado11/16/2021
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
aifu:cashier_accounting_management_system
Fraquezas (CWE)
CWE-285
Referencias
https://www.twcert.org.tw/tw/cp-132-5296-cbf80-1.html(twcert@cert.org.tw)
https://www.twcert.org.tw/tw/cp-132-5296-cbf80-1.html(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.