CVE-2022-36249

MEDIUM Year: 2022
CVSS v3 Score
5.4
Medium
Weakness Type
CWE-288
View all →

Vulnerability Description

Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Bypass 2FA via APIs. For Controlpanel Lite. "After login we are directly able to use the bearer token or jsession ID to access the apis instead of entering the 2FA code. Thus, leading to bypass of 2FA on API level.

Related Vulnerabilities

CVE-2017-6871

MEDIUM
CVSS:5.4(Medium)

A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2) and SIMATIC WinCC Sm@rtClient for Android Lite (All versions before V1.0.2.2). An attacke...

CWE-2882017

CVE-2024-52586

MEDIUM
CVSS:5.4(Medium)

eLabFTW is an open source electronic lab notebook for research labs. A vulnerability has been found starting in version 4.6.0 and prior to version 5.1.0 that allows an attacker to bypass eLabFTW's bui...

CWE-2882024

CVE-2020-10048

MEDIUM
CVSS:5.5(Medium)

A vulnerability has been identified in SIMATIC PCS 7 (All versions), SIMATIC WinCC (All versions < V7.5 SP2). Due to an insecure password verification process, an attacker could bypass the password pr...

CWE-2882020

CVE-2020-11005

MEDIUM
CVSS:5.5(Medium)

The WindowsHello open source library (NuGet HaemmerElectronics.SeppPenner.WindowsHello), before version 1.0.4, has a vulnerability where encrypted data could potentially be decrypted without needing a...

CWE-2882020

CVE-2021-32958

MEDIUM
CVSS:5.5(Medium)

Successful exploitation of this vulnerability on Claroty Secure Remote Access (SRA) Site versions 3.0 through 3.2 allows an attacker with local command line interface access to gain the secret key, su...

CWE-2882021

CVE-2022-23725

MEDIUM
CVSS:5.5(Medium)

PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under some circumstances.

CWE-2882022