Vulnerability Details : CVE-2022-36249
Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Bypass 2FA via APIs. For Controlpanel Lite. "After login we are directly able to use the bearer token or jsession ID to access the apis instead of entering the 2FA code. Thus, leading to bypass of 2FA on API level.
Products affected by CVE-2022-36249
- Shopbeat » Shop Beat Media Player » For ARMVersions from including (>=) 2.5.95 and before (<) 3.2.57cpe:2.3:a:shopbeat:shop_beat_media_player:*:*:*:*:*:*:arm:*
Exploit prediction scoring system (EPSS) score for CVE-2022-36249
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 7 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-36249
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.4
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
2.8
|
2.5
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-01-13 |
|
5.4
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
2.8
|
2.5
|
NIST |
CWE ids for CVE-2022-36249
-
The product requires authentication, but the product has an alternate path or channel that does not require authentication.Assigned by: support@shopbeat.co.za (Secondary)
-
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-36249
-
https://www.shopbeat.co.za
Shop Beat - Giving Your Shop A BeatProduct
Jump to