Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An authentication bypass vulnerability is present in the standalone SITS:Vision 9.7.0 component of Tribal SITS in its default configuration, related to unencrypted communications sent by the client each time it is launched. This occurs because the Uniface TLS Driver is not enabled by default. This vulnerability allows attackers to gain access to credentials or execute arbitrary SQL queries on the SITS backend as long as they have access to the client executable or can intercept traffic from a user who does.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Tribal SITS:Vision 授权问题漏洞
Vulnerability Description
Tribal SITS:Vision是英国Tribal公司的一套高等教育学生信息管理系统。 Tribal SITS:Vision 9.7.0版本中存在授权问题漏洞,该漏洞源于Uniface TLS Driver在默认情况下没有被启用。攻击者可利用该漏洞访问凭证或执行任意的SQL查询。
CVSS Information
N/A
Vulnerability Type
N/A