The password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated remote attackers to reset any user's password.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.twcert.org.tw/tw/cp-132-7732-9a54e-1.html |
History
Mon, 14 Oct 2024 07:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-284 |
Mon, 14 Oct 2024 07:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Ai3
Ai3 qbibot |
|
CPEs | cpe:2.3:h:ai3:qbibot:*:*:*:*:*:*:*:* | |
Vendors & Products |
Ai3
Ai3 qbibot |
|
Metrics |
ssvc
|
Mon, 14 Oct 2024 06:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated remote attackers to reset any user's password. | The password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated remote attackers to reset any user's password. |
Weaknesses | CWE-306 |
MITRE
Status: PUBLISHED
Assigner: twcert
Published: 2024-04-15T03:26:27.359Z
Updated: 2024-10-14T06:18:27.562Z
Reserved: 2024-04-15T03:09:22.616Z
Link: CVE-2024-3777
Vulnrichment
Updated: 2024-08-01T20:20:01.652Z
NVD
Status : Awaiting Analysis
Published: 2024-04-15T04:15:16.553
Modified: 2024-11-21T09:30:22.660
Link: CVE-2024-3777
Redhat
No data.