Vulnerabilities (CVE)

Filtered by vendor Weaver Subscribe
Filtered by product Eteams Oa
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-16133 1 Weaver 1 Eteams Oa 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in eteams OA v4.0.34. Because the session is not strictly checked, the account names and passwords of all employees in the company can be obtained by an ordinary account. Specifically, the attacker sends a jsessionid value for URIs under app/profile/summary/.