ГлавнаяУязвимости → CVE-2025-55370
8.8высокая

CVE-2025-55370

Описание

Incorrect access control in the component \controller\ResourceController.java of jshERP v3.5 allows unauthorized attackers to obtain all the corresponding ID data by modifying the ID value.

Затрагиваемое ПО
Jishenghua Jsherp
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Источники
https://github.com/cina666/CVE/blob/main/jshERP/%E8%B6%8A%E6%9D%83%E8%8E%B7%E5%8F%96%E4%BB%BB%E6%84%8F%E8%B4%A6%E5%8F%B7%E4%BF%A1%E6%81%AF%E5%AE%9E%E7%8E%B0%E4%BB%BB%E6%84%8F%E7%99%BB%E5%BD%95.mdhttps://github.com/jishenghua/jshERP