Lucene search
Veracode Vulnerability DatabaseVERACODE:36910HistorySep 02, 2022 - 7:43 a.m.
Privilege Escalation
2022-09-0207:43:53
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
0.001 Low
EPSS
Percentile
44.6%
shenyu-admin is vulnerable to privilege escalation. The vulnerability exists in modifyPassword function in DashboardUserController.java because it allows a low-permission administrator to modify high-permission administrator passwords which allows the attacker to perform unauthorized actions.
| CPE | Name | Operator | Version |
|---|---|---|---|
| shenyu-admin | le | 2.4.3 | |
| shenyu-admin | le | 2.4.3 |
Related
cvelist
cvelist
CVE-2022-37435 Apache ShenYu Admin Improper Privilege Management
2022-09-01 14:00:14
cve
cve
CVE-2022-37435
2022-09-01 14:15:10
osv
osv
CVE-2022-37435
2022-09-01 14:15:10
Apache ShenYu Admin has insecure permissions
2022-09-02 00:01:09
prion
prion
Design/Logic Flaw
2022-09-01 14:15:00
nvd
nvd
CVE-2022-37435
2022-09-01 14:15:10
github
github
Apache ShenYu Admin has insecure permissions
2022-09-02 00:01:09