
CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Jul 2023 — Weintek Weincloud v0.13.6 could allow an attacker to abuse the registration functionality to log in with testing credentials to the official website. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-04 • CWE-287: Improper Authentication

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Jul 2023 — Weintek Weincloud v0.13.6 could allow an attacker to efficiently develop a brute force attack on credentials with authentication hints from error message responses. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-04 • CWE-307: Improper Restriction of Excessive Authentication Attempts

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Jul 2023 — Weintek Weincloud v0.13.6 could allow an attacker to cause a denial-of-service condition for Weincloud by sending a forged JWT token. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-04 • CWE-237: Improper Handling of Structural Elements

CVSS: 7.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Jul 2023 — Weintek Weincloud v0.13.6 could allow an attacker to reset a password with the corresponding account’s JWT token only. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-04 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password