Unrated severityNVD Advisory· Published Sep 9, 2019· Updated Aug 5, 2024
CVE-2019-16133
CVE-2019-16133
Description
An issue was discovered in eteams OA v4.0.34. Because the session is not strictly checked, the account names and passwords of all employees in the company can be obtained by an ordinary account. Specifically, the attacker sends a jsessionid value for URIs under app/profile/summary/.
Affected products
2- eteams OA/eteams OAdescription
Patches
Vulnerability mechanics
References
1- www.iwantacve.cn/index.php/archives/271/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.