Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Authorization in User Management to Vertical Privilege Escalation
Vulnerability Description
Pandora FMS v7.0NG.760 and below allows an improper authorization in User Management where any authenticated user with access to the User Management module could create, modify or delete any user with full admin privilege. The impact could lead to a vertical privilege escalation to access the privileges of a higher-level user or typically an admin user.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Vulnerability Type
授权机制不恰当
Vulnerability Title
Artica Pandora FMS 安全漏洞
Vulnerability Description
Artica Pandora FMS是西班牙Artica公司的一套监控系统。该系统通过可视化的方式监控网络、服务器、虚拟基础架构和应用程序等。 Artica Pandora FMS v7.0NG.760 及之前版本存在安全漏洞,该漏洞源于 Pandora FMS 允许在用户管理中进行不当授权,其中任何有权访问用户管理模块的经过身份验证的用户都可以创建、修改或删除任何具有完全管理员权限的用户。 这种影响可能导致垂直权限升级以访问更高级别用户或通常是管理员用户的权限。
CVSS Information
N/A
Vulnerability Type
N/A