Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
uniFLOW Online device registration susceptible to compromise
Vulnerability Description
The registration process of uniFLOW Online (NT-ware product) apps, prior to and including version 2024.1.0, can be compromised when email login is enabled on the tenant. Those tenants utilising email login in combination with Microsoft Safe Links or similar are impacted. This vulnerability may allow the attacker to register themselves against a genuine user in the system and allow malicious users with similar access and capabilities via the app to the existing genuine user.
CVSS Information
N/A
Vulnerability Type
通信信道源的不正确验证
Vulnerability Title
NT-ware uniFLOW Online 安全漏洞
Vulnerability Description
NT-ware uniFLOW Online是NT-ware公司的一款安全的公共云打印和扫描解决方案。 NT-ware uniFLOW Online 2024.1.0及之前版本存在安全漏洞,该漏洞源于当启用了电子邮件登录的租户可能会受到破坏。此漏洞可能允许攻击者在系统中针对真实用户进行注册,并使恶意用户通过应用程序获得与现有真实用户相似的访问权限和能力。
CVSS Information
N/A
Vulnerability Type
N/A