Filtered by vendor Trimble
Subscriptions
Filtered by product Tm4web
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-27195 | 1 Trimble | 1 Tm4web | 2024-11-21 | 9.8 Critical |
| Trimble TM4Web 22.2.0 allows unauthenticated attackers to access /inc/tm_ajax.msw?func=UserfromUUID&uuid= to retrieve the last registration access code and use this access code to register a valid account. via a PUT /inc/tm_ajax.msw request. If the access code was used to create an Administrator account, attackers are also able to register new Administrator accounts with full privileges. | ||||
Page 1 of 1.