Web Request Vulnerability in ekorCCP and ekorRCI: Exploiting Device Control Gap for Malicious Actions

Web Request Vulnerability in ekorCCP and ekorRCI: Exploiting Device Control Gap for Malicious Actions

CVE-2022-47559 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Lack of device control over web requests in ekorCCP and ekorRCI, allowing an attacker to create customised requests to execute malicious actions when a user is logged in, affecting availability, privacy and integrity.

Learn more about our Web App Pen Testing.