Early Access — Mondoo Vulnerability Intelligence is currently in preview.
Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change user passwords by exploiting weak session management controls. Attackers can reuse IP-bound session identifiers to issue unauthorized requests to the userManager API and modify user credentials without proper authentication.
Exploitability
AV:AAC:LAT:NPR:NUI:NVulnerable System
VC:NVI:HVA:LSubsequent System
SC:NSI:NSA:N7.1/CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:NAuthentication