Overview
- Description
- RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has exposed a privileged token via a public API endpoint (Incorrect Access Control). The token can be used to escalate privileges within the Digital Rebar system and grant full administrative access.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rackn:digital_rebar:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "38C8E8E4-2D51-42EF-A948-1AF6CE7D212A",
"versionEndIncluding": "4.6.14"
},
{
"criteria": "cpe:2.3:a:rackn:digital_rebar:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "05A73545-E0D5-4071-B09A-DBD5B37228E5",
"versionEndIncluding": "4.7.22",
"versionStartIncluding": "4.7"
},
{
"criteria": "cpe:2.3:a:rackn:digital_rebar:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "93D773DA-CD98-4C60-A416-0C604785C509",
"versionEndIncluding": "4.8.5",
"versionStartIncluding": "4.8"
},
{
"criteria": "cpe:2.3:a:rackn:digital_rebar:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0F1B5E66-535C-489E-9549-7ED84E1F913B",
"versionEndIncluding": "4.9.12",
"versionStartIncluding": "4.9"
},
{
"criteria": "cpe:2.3:a:rackn:digital_rebar:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "03441E81-8A51-4813-B46C-E43B2C60764D",
"versionEndIncluding": "4.10.8",
"versionStartIncluding": "4.10"
}
],
"operator": "OR"
}
]
}
]