PT-2025-22972 · Mobatime · Mobatime Amx Mtapi

Manuel Walder

Publicado

2025-05-27

Atualizado

2025-05-27

CVE-2025-2407

CVSS v4.0

9.3

Crítica

Vetor

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:Y/R:U

Name of the Vulnerable Software and Affected Versions Mobatime AMX MTAPI v6 versions prior to 1.5

Description The issue concerns Missing Authentication & Authorization in the Web-API of Mobatime AMX MTAPI v6 on IIS, allowing adversaries to gain unrestricted access via the network.

Recommendations For versions prior to 1.5, update to version 1.5 to resolve the issue. As a temporary workaround, consider restricting access to the Web-API to minimize the risk of exploitation.

Correção

Missing Authorization

Missing Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-862CWE-306

Identificadores relacionados

CVE-2025-2407

Produtos afetados

Mobatime Amx Mtapi

PT-2025-22972 · Mobatime · Mobatime Amx Mtapi

CVE-2025-2407

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8