Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Trimble TM4Web 22.2.0 allows unauthenticated attackers to access /inc/tm_ajax.msw?func=UserfromUUID&uuid= to retrieve the last registration access code and use this access code to register a valid account. via a PUT /inc/tm_ajax.msw request. If the access code was used to create an Administrator account, attackers are also able to register new Administrator accounts with full privileges.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Trimble TM4Web 权限许可和访问控制问题漏洞
Vulnerability Description
Trimble TM4Web是Trimble公司的一个虚拟仿真平台,旨在帮助用户创建和部署基于 Web 的虚拟现实(VR)和增强现实(AR)应用程序。 Trimble TM4Web 22.2.0版本存在权限许可和访问控制问题漏洞,该漏洞源于访问控制不当。
CVSS Information
N/A
Vulnerability Type
N/A