Italtel NetMatch-S CI 5.2.0-20211008 has incorrect Access Control under NMSCI-WebGui/advancedsettings.jsp and NMSCIWebGui/SaveFileUploader. By not verifying permissions for access to resources, it allows an attacker to view pages that are not allowed, and modify the system configuration, bypassing all controls (without checking for user identity).
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.gruppotim.it/it/footer/red-team.html |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2023-01-27T00:00:00
Updated: 2024-08-03T12:07:42.916Z
Reserved: 2022-09-05T00:00:00
Link: CVE-2022-39811
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-01-27T22:15:08.333
Modified: 2024-11-21T07:18:18.083
Link: CVE-2022-39811
Redhat
No data.