Lucene search

Japan Vulnerability NotesJVN:74592196

HistoryOct 11, 2022 - 12:00 a.m.

JVN#74592196: bingo!CMS vulnerable to authentication bypass

2022-10-1100:00:00

Japan Vulnerability Notes

jvn.jp

bingo!cms

authentication bypass

cwe-288

shift tech inc.

arbitrary file upload

software update

version 1.7.4.2

version1.7.4.1

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.004 Low

EPSS

Percentile

72.3%

JSON

bingo!CMS provided by Shift Tech Inc. contains an authentication bypass vulnerability (CWE-288) in some of the management functions.

Shift Tech Inc. states that attacks exploiting this vulnerability have been observed.

Impact

Accessing a specific URL directly may allow a remote unauthenticated attacker to upload an arbitrary file without authentication.
As a result, an arbitrary script may be executed and/or a file may be altered.

Solution

Update the software
Update the software to the latest version according to the information provided by the developer.
This vulnerability has been addressed in version 1.7.4.2.

Products Affected

bingo!CMS version1.7.4.1 and earlier

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.004 Low

EPSS

Percentile

72.3%

JSON

Related for JVN:74592196