An external config control vulnerability exists in the OAS Engine SecureAddUser functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of an OAS user account. An attacker can send a sequence of requests to trigger this vulnerability.
References
Link | Resource |
---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1488 | Exploit Mitigation Third Party Advisory |
Configurations
Information
Published : 2022-05-25 14:15
Updated : 2022-06-03 05:02
NVD link : CVE-2022-26303
Mitre link : CVE-2022-26303
JSON object : View
CWE
CWE-306
Missing Authentication for Critical Function
Products Affected
openautomationsoftware
- oas_platform