Vulnerability Details CVE-2017-7312
An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, anyone can add a vendor account or read existing vendor account data (including usernames and passwords).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.083
EPSS Ranking 91.9%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2017-7312
-
cpe:2.3:a:personifycorp:personify360:7.5.2
-
cpe:2.3:a:personifycorp:personify360:7.6
-
cpe:2.3:a:personifycorp:personify360:7.6.1