4 matches found
EUVD-2020-30840
Eibiz i-Media Server Digital Signage 3.8.0 contains an unauthenticated privilege escalation vulnerability in the updateUser object that allows attackers to modify user roles. Attackers can exploit the /messagebroker/amf endpoint to elevate privileges and take over user accounts by manipulating ro...
CVE-2020-36892
Eibiz i-Media Server Digital Signage 3.8.0 contains an unauthenticated privilege escalation vulnerability in the updateUser object that allows attackers to modify user roles. Attackers can exploit the /messagebroker/amf endpoint to elevate privileges and take over user accounts by manipulating ro...
CVE-2020-36894
Eibiz i-Media Server Digital Signage 3.8.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through AMF-encoded object manipulation. Attackers can send crafted serialized objects to the /messagebroker/amf endpoint to create administrative...
CVE-2020-36892
Eibiz i-Media Server Digital Signage 3.8.0 is affected by an unauthenticated privilege escalation in the updateUser object. The issue allows attackers to modify user roles by abusing the /messagebroker/amf endpoint without authentication, enabling privilege elevation and potential account takeove...