← Back

Eteams Oa

eteams_oa

Vendor: Weaver • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-16133
1Weaver
1Eteams Oa
Nov 21, 2024
Sep 9, 2019
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
An issue was discovered in eteams OA v4.0.34. Because the session is not strictly checked, the account names and passwords of all employees in the company can be obtained by an ordinary account. Specifically, the attacke...Show more
An issue was discovered in eteams OA v4.0.34. Because the session is not strictly checked, the account names and passwords of all employees in the company can be obtained by an ordinary account. Specifically, the attacker sends a jsessionid value for URIs under app/profile/summary/.Show less