6 matches found
CVE-2019-16133
An issue was discovered in eteams OA v4.0.34. Because the session is not strictly checked, the account names and passwords of all employees in the company can be obtained by an ordinary account. Specifically, the attacker sends a jsessionid value for URIs under app/profile/summary/...
EUVD-2019-6970
Malware in sbrugna...
CVE-2019-16133
An issue was discovered in eteams OA v4.0.34. Because the session is not strictly checked, the account names and passwords of all employees in the company can be obtained by an ordinary account. Specifically, the attacker sends a jsessionid value for URIs under app/profile/summary/...
Code injection
An issue was discovered in eteams OA v4.0.34. Because the session is not strictly checked, the account names and passwords of all employees in the company can be obtained by an ordinary account. Specifically, the attacker sends a jsessionid value for URIs under app/profile/summary/...
CVE-2019-16133
An issue was discovered in eteams OA v4.0.34. Because the session is not strictly checked, the account names and passwords of all employees in the company can be obtained by an ordinary account. Specifically, the attacker sends a jsessionid value for URIs under app/profile/summary/...
CVE-2019-16133
The CVE-2019-16133 issue affects eteams OA v4.0.34 where session handling is not strictly checked, allowing an ordinary account to obtain account names and passwords of all employees by sending a jsessionid value for URIs under app/profile/summary/. Connected sources (Red Hat RH:CVE-2019-16133 an...