|
|||
Rule General Information |
---|
Release Date: | 2021-06-01 | |
Rule Name: | Tongda OA v11.x-v11.5 Arbitrary Session Disclosure Vulnerability | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | Tongda OA is a set of collaborative office automation software independently developed by Beijing Tongda Xinke Technology Co., LTD. Tongda OA version 11.x to 11.5 general/login_code.php page has any Session leakage vulnerability. Successful exploitation of this vulnerability could allow an attacker to read arbitrary sessions and obtain sensitive information, thereby bypassing authentication and performing unauthorized actions. | |
Impact: | An attacker could exploit this vulnerability to obtain sensitive user information and bypass verification. | |
Affected OS: | Windows, Linux, Others | |
Reference: | ||
Solutions |
---|
Please contact the software vendor to update the software patch. |