"sessionlist.html" and "sys_trayentryreboot.html" are accessible with no authentication. "sessionlist.html" provides logged-in users'…
jpcert·CWE-288·Published 2024-11-26
"sessionlist.html" and "sys_trayentryreboot.html" are accessible with no authentication. "sessionlist.html" provides logged-in users' session information including session cookies, and "sys_trayentryreboot.html" allows to reboot the device. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
"sessionlist.html" and "sys_trayentryreboot.html" are accessible with no authentication. "sessionlist.html" provides logged-in users' session information including session cookies, and "sys_trayentryreboot.html" allows to reboot the device. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
Sharp and Toshiba Tec MFPs "sessionlist.html" y "sys_trayentryreboot.html" son accesibles sin autenticación. "sessionlist.html" proporciona información de la sesión de los usuarios que han iniciado sesión, incluidas las cookies de sesión, y "sys_trayentryreboot.html" permite reiniciar el dispositivo. En cuanto a los detalles de los nombres de los productos afectados, los números de modelo y las versiones, consulte la información proporcionada por los respectivos proveedores que se enumeran en [Referencias].
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 3.1 | Primary | cve.org | 9.1 | — | — | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
| 3.1 | Secondary | NVD | 9.1 | 3.9 | 5.2 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |