The password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated remote attackers to reset any user's password.
History

Mon, 14 Oct 2024 07:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284

Mon, 14 Oct 2024 07:15:00 +0000

Type Values Removed Values Added
First Time appeared Ai3
Ai3 qbibot
CPEs cpe:2.3:h:ai3:qbibot:*:*:*:*:*:*:*:*
Vendors & Products Ai3
Ai3 qbibot
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 14 Oct 2024 06:30:00 +0000

Type Values Removed Values Added
Description The password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated remote attackers to reset any user's password. The password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated remote attackers to reset any user's password.
Weaknesses CWE-306

cve-icon MITRE

Status: PUBLISHED

Assigner: twcert

Published: 2024-04-15T03:26:27.359Z

Updated: 2024-10-14T06:18:27.562Z

Reserved: 2024-04-15T03:09:22.616Z

Link: CVE-2024-3777

cve-icon Vulnrichment

Updated: 2024-08-01T20:20:01.652Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-04-15T04:15:16.553

Modified: 2024-11-21T09:30:22.660

Link: CVE-2024-3777

cve-icon Redhat

No data.