漏洞标题
N/A
漏洞描述信息
在为Axis Communication进行的年度渗透测试中,Truesec发现ACAP应用程序框架中存在一个漏洞,该漏洞允许应用程序访问框架内受限制的D-Bus方法。
Axis已经发布了修补后的AXIS OS版本来解决这一漏洞。更多详细信息和解决方案,请参考Axis的安全公告。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
漏洞类别
认证机制不恰当
漏洞标题
N/A
漏洞描述信息
During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the ACAP Application framework that allowed applications to access restricted D-Bus methods within the framework.
Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L
漏洞类别
授权机制不正确