Yimioa Password Modification Vulnerability in Web Security Configuration

Vulnerability

A vulnerability allowing unauthorized modification of Administrator passwords has been identified in Yimioa versions prior to 2024.07.04. This issue arises from incorrect access control in the WebSecurityConfig component, which enables attackers to arbitrarily change passwords.

Impact

Exploitation of this vulnerability allows for unauthorized changes to Administrator passwords, potentially leading to unauthorized administrative access.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 7.4
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.