Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Bypass 2FA via APIs. For Controlpanel Lite. "After login we are directly able to use the bearer token or jsession ID to access the apis instead of entering the 2FA code. Thus, leading to bypass of 2FA on API level.
References
Link | Resource |
---|---|
https://www.shopbeat.co.za | Product |
Configurations
History
02 Jun 2023, 20:50
Type | Values Removed | Values Added |
---|---|---|
First Time |
Shopbeat shop Beat Media Player
Shopbeat |
|
CWE | CWE-306 | |
References | (MISC) https://www.shopbeat.co.za - Product | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
CPE | cpe:2.3:a:shopbeat:shop_beat_media_player:*:*:*:*:*:*:arm:* |
30 May 2023, 21:10
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-05-30 20:15
Updated : 2024-02-28 20:13
NVD link : CVE-2022-36249
Mitre link : CVE-2022-36249
CVE.ORG link : CVE-2022-36249
JSON object : View
Products Affected
shopbeat
- shop_beat_media_player