Marval MSM up to and including 14.19.0.12476 and 15.0 has a System account with default credentials. A remote attacker is able to login and create a valid session. This makes it possible to make backend calls to endpoints in the application.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
marvalglobal msm 15.0 |
||
marvalglobal msm |