Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple incorrect access control issues in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote authenticated attackers, with low privileges, to (1) add an admin user via the /api/user/addalias route; (2) modifiy a user via the /api/user/updatealias route; (4) delete users via the /api/user/delalias route; (4) get users via the /api/user/aliases route; (5) add a root group via the /api/user/adduser route; (6) modifiy a group via the /api/user/updateuser route; (7) delete a group via the /api/user/deluser route; (8) get groups via the /api/user/users route; (9) add an admin role via the /api/user/addrole route; (10) modifiy a role via the /api/user/updaterole route; (11) delete a role via the /api/user/delrole route; (12) get roles via the /api/user/roles route.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
EasyVirt DC Scope和EasyVirt CO2 Scope 安全漏洞
Vulnerability Description
EasyVirt DC Scope和EasyVirt CO2 Scope都是法国EasyVirt公司的产品。EasyVirt DC Scope是一个适用于 VMware 虚拟化 VMware 的监控和管理解决方案。EasyVirt CO2 Scope是一种实时监控 IT 服务、虚拟机和服务器的 CO2 排放的解决方案。 EasyVirt DC Scope 8.6.0及之前版本和EasyVirt CO2 Scope 1.3.0及之前版本存在安全漏洞,该漏洞源于不正确的访问控制问题,允许通过API创建、修改或
CVSS Information
N/A
Vulnerability Type
N/A