An external config control vulnerability exists in the OAS Engine SecureAddUser functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of an OAS user account. An attacker can send a sequence of requests to trigger this vulnerability.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: talos
Published: 2022-05-25T20:15:26.661463Z
Updated: 2024-09-17T02:41:26.775Z
Reserved: 2022-03-14T00:00:00
Link: CVE-2022-26303
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-05-25T21:15:08.197
Modified: 2023-07-26T18:15:10.663
Link: CVE-2022-26303
Redhat
No data.