Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
AUVESY Versiondog
Vulnerability Description
The data of a network capture of the initial handshake phase can be used to authenticate at a SYSDBA level. If a specific .exe is not restarted often, it is possible to access the needed handshake packets between admin/client connections. Using the SYSDBA permission, an attacker can change user passwords or delete the database.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
使用捕获-重放进行的认证绕过
Vulnerability Title
AUVESY Versiondog 权限许可和访问控制问题漏洞
Vulnerability Description
AUVESY Versiondog是德国AUVESY公司的一款自动化生产数据和变更管理软件解决方案。 AUVESY Versiondog 存在权限许可和访问控制问题漏洞,该漏洞源于初始握手阶段的网络捕获数据可用于在 SYSDBA 级别进行身份验证。 如果某个特定的 .exe 没有经常重启,就有可能在管理员/客户端连接之间访问所需的握手数据包。 使用 SYSDBA 权限,攻击者可以更改用户密码或删除数据库。
CVSS Information
N/A
Vulnerability Type
N/A