In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath...
Critical severity | Unreviewed
Published Mar 8, 2023 to the GitHub Advisory Database • Updated Mar 23, 2023
Description
Published by the National Vulnerability Database: Mar 8, 2023
In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath injection leads to an authentication bypass by stealing the session of another connected user. The fixed versions are WAAP Gateway & Cloud 6.11.0 and 6.5.6-patch15.