CVE-2019-9884

Description

eClass platform < ip.2.5.10.2.1 allows an attacker to use GETS method to request /admin page to bypass the password validation and access management page.

CVSS breakdown

CVSS 3.0

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

BroadLearning / eclassip – 2.25.10.2.1

References

MISChttps://tvn.twcert.org.tw/taiwanvn/TVN-201904004
MISChttp://surl.twcert.org.tw/b7jfz
MISChttps://zeroday.hitcon.org/vulnerability/ZD-2019-00332