Lucene search
K

42 matches found

ATTACKERKB
ATTACKERKB
added 2021/05/07 11:15 a.m.2 views

CVE-2020-36125

Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by incorrect access control where password revalidation in sensitive operations can be bypassed remotely by an authenticated attacker through requesting the endpoint directly...

7.1CVSS5.4AI score0.00939EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2021/05/07 11:15 a.m.2 views

CVE-2020-36127

Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by an information disclosure vulnerability. Through the PUK signature functionality, an administrator will not have access to the current p12 certificate and password. When accessing this functionality, the administrator has the...

6.5CVSS5.5AI score0.00681EPSS
Exploits1References4
Prion
Prion
added 2021/05/07 11:15 a.m.17 views

Xxe

Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by XML External Entity XXE injection. An authenticated attacker can compromise the private keys of a JWT token and reuse them to manipulate the access tokens to access the platform as any desired user clients and administrators...

4CVSS6.7AI score0.01258EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2021/05/07 11:15 a.m.21 views

Hardcoded credentials

Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by incorrect access control where password revalidation in sensitive operations can be bypassed remotely by an authenticated attacker through requesting the endpoint directly...

5.5CVSS6.9AI score0.00939EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2021/05/07 11:15 a.m.19 views

Information disclosure

Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by an information disclosure vulnerability. Through the PUK signature functionality, an administrator will not have access to the current p12 certificate and password. When accessing this functionality, the administrator has the...

4CVSS6.3AI score0.00681EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2021/05/07 11:15 a.m.13 views

Spoofing

Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by a token spoofing vulnerability. Each payment terminal has a session token called X-Terminal-Token to access the marketplace. This allows the store to identify the terminal and make available the applications distributed by its...

6.4CVSS8AI score0.01158EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/05/07 11:15 a.m.5 views

CVE-2020-36124

Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by XML External Entity XXE injection. An authenticated attacker can compromise the private keys of a JWT token and reuse them to manipulate the access tokens to access the platform as any desired user clients and administrators...

6.5CVSS5.5AI score0.01258EPSS
Exploits1References4
Cvelist
Cvelist
added 2021/05/07 10:35 a.m.16 views

CVE-2020-36124

Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by XML External Entity XXE injection. An authenticated attacker can compromise the private keys of a JWT token and reuse them to manipulate the access tokens to access the platform as any desired user clients and administrators...

6.7AI score0.01258EPSS
Exploits1References3
CVE
CVE
added 2021/05/07 10:35 a.m.46 views

CVE-2020-36124

CVE-2020-36124 affects Pax Technology PAXSTORE v7.0.8_20200511171508 and earlier. The issue is XML External Entity (XXE) injection that allows an authenticated attacker to compromise the private keys of a JWT token and reuse them to manipulate access tokens, enabling access to the platform as any...

6.5CVSS6.6AI score0.01258EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2021/05/07 10:35 a.m.19 views

CVE-2020-36125

Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by incorrect access control where password revalidation in sensitive operations can be bypassed remotely by an authenticated attacker through requesting the endpoint directly...

7AI score0.00939EPSS
Exploits1References3
CVE
CVE
added 2021/05/07 10:35 a.m.42 views

CVE-2020-36125

Pax Technology PAXSTORE v7.0.8_20200511171508 and earlier are affected by an access-control vulnerability that lets an authenticated attacker bypass password re-verification in sensitive operations by directly requesting the endpoint. Root cause: improper access control in PaxSTORE; impact: remot...

7.1CVSS6.9AI score0.00939EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2021/05/07 10:34 a.m.40 views

CVE-2020-36126

PAX Technology PAXSTORE v7.0.8_20200511171508 and earlier versions are affected by an incorrect access control vulnerability that enables authenticated users to read/write data they do not own, potentially impersonating other users and causing unauthorized disclosure, modification, or destruction...

8.1CVSS7.9AI score0.01401EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2021/05/07 10:34 a.m.21 views

CVE-2020-36126

Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by incorrect access control that can lead to remote privilege escalation. PAXSTORE marketplace endpoints allow an authenticated user to read and write data not owned by them, including third-party users, application and payment...

8.1AI score0.01401EPSS
Exploits1References3
CVE
CVE
added 2021/05/07 10:34 a.m.45 views

CVE-2020-36127

PAX Technology PAXSTORE v7.0.8_20200511171508 and earlier are affected by an information disclosure vulnerability. The issue arises via the PUK signature functionality, where an administrator cannot view the current p12 certificate password, and when replacing the certificate the new p12 is retur...

6.5CVSS6.3AI score0.00681EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2021/05/07 10:34 a.m.25 views

CVE-2020-36127

Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by an information disclosure vulnerability. Through the PUK signature functionality, an administrator will not have access to the current p12 certificate and password. When accessing this functionality, the administrator has the...

6.4AI score0.00681EPSS
Exploits1References3
CVE
CVE
added 2021/05/07 10:34 a.m.44 views

CVE-2020-36128

CVE-2020-36128 affects Pax Technology PAXSTORE v7.0.8_20200511171508 and earlier. The vulnerability stems from token impersonation: each terminal uses an X-Terminal-Token to access the marketplace, and an attacker can intercept HTTPS requests to obtain the token assignment and craft a token to im...

8.2CVSS8AI score0.01158EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2021/05/07 10:34 a.m.25 views

CVE-2020-36128

Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by a token spoofing vulnerability. Each payment terminal has a session token called X-Terminal-Token to access the marketplace. This allows the store to identify the terminal and make available the applications distributed by its...

8.1AI score0.01158EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/05/07 12:0 a.m.7 views

PAX Technology PAXSTORE 信任管理问题漏洞

PAX Technology PAXSTORE is an application from China PAX PAX Inc. An ecosystem that connects 2.5 million terminals, thousands of application developers and 180+ markets in 80+ countries worldwide. An information disclosure vulnerability exists in Pax Technology PAXSTORE version v7.0.8202005111715...

6.5CVSS5.6AI score0.00681EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/05/07 12:0 a.m.5 views

Pax Technology PAXSTORE 代码问题漏洞

PAX Technology PAXSTORE is an application from China PAX PAX Inc. An ecosystem that connects 2.5 million terminals, thousands of application developers and 180+ markets in 80+ countries worldwide. An information disclosure vulnerability exists in Pax Technology PAXSTORE version v7.0.8202005111715...

6.5CVSS5.7AI score0.01258EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/05/07 12:0 a.m.7 views

PAX Technology PAXSTORE 授权问题漏洞

PAX Technology PAXSTORE is an application from China PAX PAX Inc. An ecosystem that connects 2.5 million terminals, thousands of application developers and 180+ markets in 80+ countries worldwide. An access control error vulnerability exists in Pax Technology PAXSTORE version v7.0.820200511171508...

7.1CVSS5.7AI score0.00939EPSS
Exploits1References3
Rows per page
Query Builder