Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control. Since version 6.3, ExaGrid enforces restrictions preventing users with the Admin role from creating or modifying users with the Security Officer role without approval. However, a flaw in the account creation process allows an attacker to bypass these restrictions via API request manipulation. An attacker with an Admin access can intercept and modify the API request during user creation, altering the parameters to assign the new account to the ExaGrid Security Officers group without the required approval.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ExaGrid EX10 安全漏洞
Vulnerability Description
ExaGrid EX10是美国ExaGrid公司的一款备份存储服务器。 ExaGrid EX10 6.3至7.0.1.P08版本存在安全漏洞,该漏洞源于API请求处理不当,可能导致绕过权限限制。
CVSS Information
N/A
Vulnerability Type
N/A