PT-2007-6599 · Base · Basic Analysis/Security Engine

Publicado

2007-10-18

Atualizado

2017-07-29

CVE-2007-5578

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Basic Analysis and Security Engine (BASE) versions prior to 1.3.8

Description The issue allows remote attackers to bypass authentication. This can be achieved via several vectors, including the "base main.php" and "base qry alert.php" API endpoints.

Recommendations For versions prior to 1.3.8, update to version 1.3.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the "base main.php" and "base qry alert.php" endpoints until the update is applied.

Correção

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287

Identificadores relacionados

CVE-2007-5578

Produtos afetados

Basic Analysis/Security Engine

PT-2007-6599 · Base · Basic Analysis/Security Engine

CVE-2007-5578

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9