Cognix Platform
Monthly
Cognix Platform's web API lacks authentication and authorization controls, enabling unauthenticated remote attackers to access restricted application functionality over the network. This vulnerability affects Tata Consultancy Services Cognix Recon Client v3.0 and poses a high risk due to its ease of exploitation and lack of authentication requirements. No patch is currently available.
Cognix Platform's password reset function fails to properly validate user permissions, enabling authenticated attackers to reset passwords for any user account through specially crafted requests. This broken access control vulnerability affects Cognix Recon Client v3.0 and carries high severity due to the potential for unauthorized account takeovers. No patch is currently available.
Privilege escalation in Cognix Platform v3.0 permits authenticated users to bypass authorization controls and assume higher-privileged roles through specially crafted requests. This vulnerability affects all users with valid credentials and could allow attackers to gain unauthorized administrative access. No patch is currently available.
Cognix Platform's web API lacks authentication and authorization controls, enabling unauthenticated remote attackers to access restricted application functionality over the network. This vulnerability affects Tata Consultancy Services Cognix Recon Client v3.0 and poses a high risk due to its ease of exploitation and lack of authentication requirements. No patch is currently available.
Cognix Platform's password reset function fails to properly validate user permissions, enabling authenticated attackers to reset passwords for any user account through specially crafted requests. This broken access control vulnerability affects Cognix Recon Client v3.0 and carries high severity due to the potential for unauthorized account takeovers. No patch is currently available.
Privilege escalation in Cognix Platform v3.0 permits authenticated users to bypass authorization controls and assume higher-privileged roles through specially crafted requests. This vulnerability affects all users with valid credentials and could allow attackers to gain unauthorized administrative access. No patch is currently available.