1 results (0.002 seconds)
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 2
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 2CVE-2022-28866
https://notcve.org/view.php?id=CVE-2022-28866
11 Oct 2022 — Multiple Improper Access Control was discovered in Nokia AirFrame BMC Web GUI < R18 Firmware v4.13.00. It does not properly validate requests for access to (or editing of) data and functionality in all endpoints under /#settings/* and /api/settings/*. By not verifying the permissions for access to resources, it allows a potential attacker to view pages, with sensitive data, that are not allowed, and modify system configurations also causing DoS, which should be accessed only by user with administration prof... • https://www.gruppotim.it/it/footer/red-team.html • CWE-862: Missing Authorization •