Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Therefore™ Online and Therefore™ On-Premises contains an account impersonation issue, which could potentially allow the attacker to access all the stored data
Vulnerability Description
Therefore Corporation GmbH has recently become aware that Therefore™ Online and Therefore™ On-Premises contain an account impersonation vulnerability. A malicious user may potentially be able to impersonate the web service account or the account of a service using the API when connecting to the Therefore™ Server. If the malicious user gains this impersonation user access, then it is possible for them to access the documents stored in Therefore™. This impersonation is at application level (Therefore access level), not the operating system level.
CVSS Information
N/A
Vulnerability Type
使用欺骗进行的认证绕过
Vulnerability Title
Therefore Online和Therefore On-Premises 安全漏洞
Vulnerability Description
Therefore Online和Therefore On-Premises都是德国Therefore公司的产品。Therefore Online是一款云端文档管理系统。Therefore On-Premises是一款文档管理系统。 Therefore Online和Therefore On-Premises存在安全漏洞,该漏洞源于存在账户冒充漏洞,可能导致恶意用户冒充Web服务账户或API服务账户访问存储在Therefore中的文档。
CVSS Information
N/A
Vulnerability Type
N/A