42 matches found
CVE-2020-36125
Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by incorrect access control where password revalidation in sensitive operations can be bypassed remotely by an authenticated attacker through requesting the endpoint directly...
CVE-2020-36127
Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by an information disclosure vulnerability. Through the PUK signature functionality, an administrator will not have access to the current p12 certificate and password. When accessing this functionality, the administrator has the...
Xxe
Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by XML External Entity XXE injection. An authenticated attacker can compromise the private keys of a JWT token and reuse them to manipulate the access tokens to access the platform as any desired user clients and administrators...
Hardcoded credentials
Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by incorrect access control where password revalidation in sensitive operations can be bypassed remotely by an authenticated attacker through requesting the endpoint directly...
Information disclosure
Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by an information disclosure vulnerability. Through the PUK signature functionality, an administrator will not have access to the current p12 certificate and password. When accessing this functionality, the administrator has the...
Spoofing
Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by a token spoofing vulnerability. Each payment terminal has a session token called X-Terminal-Token to access the marketplace. This allows the store to identify the terminal and make available the applications distributed by its...
CVE-2020-36124
Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by XML External Entity XXE injection. An authenticated attacker can compromise the private keys of a JWT token and reuse them to manipulate the access tokens to access the platform as any desired user clients and administrators...
CVE-2020-36124
Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by XML External Entity XXE injection. An authenticated attacker can compromise the private keys of a JWT token and reuse them to manipulate the access tokens to access the platform as any desired user clients and administrators...
CVE-2020-36124
CVE-2020-36124 affects Pax Technology PAXSTORE v7.0.8_20200511171508 and earlier. The issue is XML External Entity (XXE) injection that allows an authenticated attacker to compromise the private keys of a JWT token and reuse them to manipulate access tokens, enabling access to the platform as any...
CVE-2020-36125
Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by incorrect access control where password revalidation in sensitive operations can be bypassed remotely by an authenticated attacker through requesting the endpoint directly...
CVE-2020-36125
Pax Technology PAXSTORE v7.0.8_20200511171508 and earlier are affected by an access-control vulnerability that lets an authenticated attacker bypass password re-verification in sensitive operations by directly requesting the endpoint. Root cause: improper access control in PaxSTORE; impact: remot...
CVE-2020-36126
PAX Technology PAXSTORE v7.0.8_20200511171508 and earlier versions are affected by an incorrect access control vulnerability that enables authenticated users to read/write data they do not own, potentially impersonating other users and causing unauthorized disclosure, modification, or destruction...
CVE-2020-36126
Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by incorrect access control that can lead to remote privilege escalation. PAXSTORE marketplace endpoints allow an authenticated user to read and write data not owned by them, including third-party users, application and payment...
CVE-2020-36127
PAX Technology PAXSTORE v7.0.8_20200511171508 and earlier are affected by an information disclosure vulnerability. The issue arises via the PUK signature functionality, where an administrator cannot view the current p12 certificate password, and when replacing the certificate the new p12 is retur...
CVE-2020-36127
Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by an information disclosure vulnerability. Through the PUK signature functionality, an administrator will not have access to the current p12 certificate and password. When accessing this functionality, the administrator has the...
CVE-2020-36128
CVE-2020-36128 affects Pax Technology PAXSTORE v7.0.8_20200511171508 and earlier. The vulnerability stems from token impersonation: each terminal uses an X-Terminal-Token to access the marketplace, and an attacker can intercept HTTPS requests to obtain the token assignment and craft a token to im...
CVE-2020-36128
Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by a token spoofing vulnerability. Each payment terminal has a session token called X-Terminal-Token to access the marketplace. This allows the store to identify the terminal and make available the applications distributed by its...
PAX Technology PAXSTORE 信任管理问题漏洞
PAX Technology PAXSTORE is an application from China PAX PAX Inc. An ecosystem that connects 2.5 million terminals, thousands of application developers and 180+ markets in 80+ countries worldwide. An information disclosure vulnerability exists in Pax Technology PAXSTORE version v7.0.8202005111715...
Pax Technology PAXSTORE 代码问题漏洞
PAX Technology PAXSTORE is an application from China PAX PAX Inc. An ecosystem that connects 2.5 million terminals, thousands of application developers and 180+ markets in 80+ countries worldwide. An information disclosure vulnerability exists in Pax Technology PAXSTORE version v7.0.8202005111715...
PAX Technology PAXSTORE 授权问题漏洞
PAX Technology PAXSTORE is an application from China PAX PAX Inc. An ecosystem that connects 2.5 million terminals, thousands of application developers and 180+ markets in 80+ countries worldwide. An access control error vulnerability exists in Pax Technology PAXSTORE version v7.0.820200511171508...