PT-2022-17740 · Tms · Tms
Afeng2016-So
Published: 2022-03-20 · Updated: 2022-03-28
CVE-2022-26247
CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
TMS version 2.28.0
Description
The issue is related to insecure permissions in the component "/TMS/admin/user/Update2". This allows attackers to modify the administrator account and password.
Recommendations
For TMS version 2.28.0, consider restricting access to the "/TMS/admin/user/Update2" component until a patch is available to prevent modification of the administrator account and password.
Exploit
Fix
Incorrect Permission
Affected Products
Tms