Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
KL-001-2025-013: Xorux XorMon-NG Web Application Privilege Escalation to Administrator
Vulnerability Description
An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to import the appliance configuration, allowing an attacker to control the configuration of the appliance, to include granting themselves administrative level permissions.
CVSS Information
N/A
Vulnerability Type
特权API的不正确使用
Vulnerability Title
XORUX XorMon-NG 安全漏洞
Vulnerability Description
XORUX XorMon-NG是捷克XORUX公司的一个基础设施性能监控平台。 XORUX XorMon-NG存在安全漏洞,该漏洞源于API端点访问控制不当,可能导致权限提升。
CVSS Information
N/A
Vulnerability Type
N/A