We found results for “”
WS-2021-0615
Good to know:
Date: June 8, 2021
In Axelor Open-Suite, versions v4.0.0-rc1 through v6.0.11 are vulnerable to an infinite loop in the MRP component. An authenticated attacker can misconfigure the MRP configuration to consume excessive amounts of resources like CPU or memory, and cause the program to slow down or even cause a DoS.
Language: Java
Severity Score
Severity Score
Weakness Type (CWE)
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-835Top Fix
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | NONE |
Availability (A): | HIGH |