- Description
- Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 allows authentication through only a six-digit TOTP code (skipping a password check) if an HTTP POST request contains a SESSION parameter.
- Source
- cve@mitre.org
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 8.6
- Impact score
- 4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
- Severity
- HIGH
- cve@mitre.org
- CWE-472
- Hype score
- Not currently trending
CVE-2025-30236 Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 allows authentication through only a six-digit TOTP code (skipping a password check) if an HTTP POST request co… https://t.co/hVrRuxYV4V
@CVEnew
19 Mar 2025
460 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-30236: HIGH] Vulnerability in Shearwater SecurEnvoy SecurAccess Enrol allows bypassing password check with only a six-digit TOTP code via HTTP POST request with a SESSION parameter before 9.4.515.#cybersecurity,#vulnerability https://t.co/1uThDSF0aV https://t.co/e4JUG4m
@CveFindCom
19 Mar 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes