Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Forced Browsing vulnerability in HYPR Server version 6.10 to 6.15.1 allows remote attackers with a valid one-time recovery token to elevate privileges via path tampering in the Magic Link page. This issue affects: HYPR Server versions later than 6.10; version 6.15.1 and prior versions.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
直接请求(强制性浏览)
Vulnerability Title
HYPR Server 安全漏洞
Vulnerability Description
HYPR和HYPR Server都是HYPR公司的产品。HYPR是一个实现无密码的安全应用程序。HYPR Server是一个服务器。 HYPR Server 6.10到6.15.1版本存在安全漏洞,该漏洞源于强制浏览漏洞允许具有有效一次性恢复令牌的远程攻击者通过Magic Link页面篡改路径提升权限。
CVSS Information
N/A
Vulnerability Type
N/A