Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Weaver Subscribe
Filtered by product Eteams Oa
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-16133 1 Weaver 1 Eteams Oa 2019-09-10 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in eteams OA v4.0.34. Because the session is not strictly checked, the account names and passwords of all employees in the company can be obtained by an ordinary account. Specifically, the attacker sends a jsessionid value for URIs under app/profile/summary/.