CNVD-2015-05821
Vulnerability from cnvd - Published: 2015-10-04
VLAI Severity ?
Title
泛微e-office协同管理平台权限绕过漏洞
Description
泛微e-office协同管理平台存在登录绕过漏洞,攻击者在没有登录凭证的情况下可以直接以超级管理员的权限登录OA系统。
Severity
中
Formal description
严格控制SESSION赋值
Impacted products
| Name | 上海泛微网络科技股份有限公司 e-office |
|---|
{
"description": "\u6cdb\u5faee-office\u534f\u540c\u7ba1\u7406\u5e73\u53f0\u5b58\u5728\u767b\u5f55\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u5728\u6ca1\u6709\u767b\u5f55\u51ed\u8bc1\u7684\u60c5\u51b5\u4e0b\u53ef\u4ee5\u76f4\u63a5\u4ee5\u8d85\u7ea7\u7ba1\u7406\u5458\u7684\u6743\u9650\u767b\u5f55OA\u7cfb\u7edf\u3002",
"discovererName": "\u5b59\u5efa\u5e73",
"formalWay": "\u4e25\u683c\u63a7\u5236SESSION\u8d4b\u503c",
"isEvent": "\u4e8b\u4ef6\u578b\u6f0f\u6d1e",
"number": "CNVD-2015-05821",
"openTime": "2015-10-04",
"products": {
"product": "\u4e0a\u6d77\u6cdb\u5fae\u7f51\u7edc\u79d1\u6280\u80a1\u4efd\u6709\u9650\u516c\u53f8 e-office"
},
"serverity": "\u4e2d",
"submitTime": "2015-08-20",
"title": "\u6cdb\u5faee-office\u534f\u540c\u7ba1\u7406\u5e73\u53f0\u6743\u9650\u7ed5\u8fc7\u6f0f\u6d1e"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…