Enterprise Video Platform
Monthly
Authentication bypass in Vimesoft Enterprise Video Platform (versions 3.11.0.0 up to but not including 3.25.0) lets a remote, unauthenticated attacker change a victim's password without verifying the existing credential (CWE-620), enabling full account takeover. Reported by Turkey's national CERT (TR-CERT/USOM) and rated CVSS 9.8, the flaw grants complete control over targeted accounts. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Authentication bypass in Vimesoft Enterprise Video Platform (versions 3.11.0.0 up to but not including 3.25.0) allows remote unauthenticated attackers to reach a critical function that lacks any authentication check, exposing confidential data. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N, C:H) indicates trivial network exploitation with high confidentiality impact but no integrity or availability effect. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the flaw was reported by Turkey's national CERT (TR-CERT / USOM).
Authentication bypass in Vimesoft Enterprise Video Platform (versions 3.11.0.0 up to but not including 3.25.0) lets a remote, unauthenticated attacker change a victim's password without verifying the existing credential (CWE-620), enabling full account takeover. Reported by Turkey's national CERT (TR-CERT/USOM) and rated CVSS 9.8, the flaw grants complete control over targeted accounts. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Authentication bypass in Vimesoft Enterprise Video Platform (versions 3.11.0.0 up to but not including 3.25.0) allows remote unauthenticated attackers to reach a critical function that lacks any authentication check, exposing confidential data. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N, C:H) indicates trivial network exploitation with high confidentiality impact but no integrity or availability effect. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the flaw was reported by Turkey's national CERT (TR-CERT / USOM).