Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HCL DFXServer is affected by a Missing Access Control vulnerability
Vulnerability Description
HCL DFXServer is affected by a Missing Access Control vulnerability. This vulnerability states that certain endpoints are accessible without any form of authentication in another browser. This allows any network user to invoke these APIs and interact with the application without verification of their identity or authorization level.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Vulnerability Type
访问控制不恰当
Vulnerability Title
HCL DFXServer 权限许可和访问控制问题漏洞
Vulnerability Description
HCL DFXServer是印度HCL公司的一款企业级服务器产品。 HCL DFXServer 2.5及之前版本存在权限许可和访问控制问题漏洞,该漏洞源于缺少访问控制,导致某些端点无需任何形式的身份验证即可访问,网络用户可以调用这些API并与应用程序交互。
CVSS Information
N/A
Vulnerability Type
N/A