
Test ID: 1.3.6.1.4.1.25623.1.0.112248
Category: Web application abuses
Title: Kentico CMS < 9.0.51 & < 10.0.48 Access Control Bypass Vulnerability
Summary: Kentico CMS is prone to an access control bypass vulnerability.
Description:
Summary:
Kentico CMS is prone to an access control bypass vulnerability.

Vulnerability Insight:
Kentico CMS is vulnerable to an access control bypass as it fails to properly
restrict access to the installation wizard. It is possible for an unauthenticated user to gain access to these pages
and perform actions such as installing a new starter site or obtaining access to the "New site wizard",
which automatically authenticates as the Global Administrator.

Vulnerability Impact:
An unauthenticated attacker may leverage this issue to gain Global Administrator access
to a Kentico installation. From there it is possible to perform administrative actions, install new sites or potentially obtain remote code execution.

Affected Software/OS:
Kentico CMS versions 9 up to 9.0.51 and version 10 up to 10.0.48.

Solution:
Upgrade Kentico CMS to version 9.0.51 or 10.0.48.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross reference: Common Vulnerability Exposure (CVE) ID: CVE-2017-17736
Copyright: Copyright (C) 2018 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.