6 matches found
CVE-2023-27195
Trimble TM4Web 22.2.0 allows unauthenticated attackers to access /inc/tmajax.msw?func=UserfromUUID= to retrieve the last registration access code and use this access code to register a valid account. via a PUT /inc/tmajax.msw request. If the access code was used to create an Administrator account...
CVE-2023-27195
Trimble TM4Web 22.2.0 allows unauthenticated attackers to access /inc/tmajax.msw?func=UserfromUUID&uuid= to retrieve the last registration access code and use this access code to register a valid account. via a PUT /inc/tmajax.msw request. If the access code was used to create an Administrator...
CVE-2023-27195
Trimble TM4Web 22.2.0 allows unauthenticated attackers to access /inc/tmajax.msw?func=UserfromUUID&uuid= to retrieve the last registration access code and use this access code to register a valid account. via a PUT /inc/tmajax.msw request. If the access code was used to create an Administrator...
CVE-2023-27195
The provided connected documents confirm a concrete vulnerability in Trimble TM4Web 22.2.0: an unauthenticated user can access a URL to retrieve the last registration access code and then use a PUT request to register a new account. If the retrieved code was used to create an Administrator accoun...
CVE-2023-27195
Trimble TM4Web 22.2.0 allows unauthenticated attackers to access /inc/tmajax.msw?func=UserfromUUID&uuid= to retrieve the last registration access code and use this access code to register a valid account. via a PUT /inc/tmajax.msw request. If the access code was used to create an Administrator...
Trimble TM4Web 22.2.0 Privilege Escalation / Access Code Disclosure Vulnerability
An access control issue in Trimble TM4Web version 22.2.0 allows unauthenticated attackers to access a specific crafted URL path to retrieve the last registration access code and use this access code to register a valid account. If the access code was used to create an Administrator account,...