Security Advisory

CVE-2024-6425

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-07-01 12:56:20
Last updated 2024-08-01 21:41:03
Assigner INCIBE
State PUBLISHED

Description

Incorrect Provision of Specified Functionality vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can register user accounts without being authenticated from the route "/account/Register/" and in the parameters "UserName=<RANDOMUSER>&Password=<PASSWORD>&ConfirmPassword=<PASSWORD-REPEAT>".