Blind XPath Injection Vulnerability in UBIKA WAAP Gateway/Cloud 6.10

Blind XPath Injection Vulnerability in UBIKA WAAP Gateway/Cloud 6.10

CVE-2023-26261 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath injection leads to an authentication bypass by stealing the session of another connected user. The fixed versions are WAAP Gateway & Cloud 6.11.0 and 6.5.6-patch15.

Learn more about our Cloud Audit.