PT-2017-9635 · Lynxspring · Lynxspring Jenesys Bas Bridge

Maxim Rupp · Published 2017-02-13 · Updated 2017-02-17 · CVE-2016-8357

CVSS v3.1: 7.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Lynxspring JENEsys BAS Bridge versions 1.1.8 and older

Description: A user with read-only access can send commands to the software, and the application will accept those commands, allowing an attacker to make changes within the application.

Recommendations: For versions 1.1.8 and older, restrict access to the software to prevent users with read-only access from sending commands. As a temporary workaround, consider disabling command execution for users with read-only access until a patch is available.

Fix


Weakness Enumeration

Related Identifiers

CVE-2016-8357

Affected Products

Lynxspring Jenesys Bas Bridge