CVE-2022-36249
Shop Beat Services Vulnerable To Bypass 2FA via APIs
CVSS Score
5.4
EPSS Score
0.0%
EPSS Percentile
0th
Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Bypass 2FA via APIs. For Controlpanel Lite. "After login we are directly able to use the bearer token or jsession ID to access the apis instead of entering the 2FA code. Thus, leading to bypass of 2FA on API level.
| CWE | CWE-288 |
| Vendor | shop beat |
| Product | studio |
| Published | May 30, 2023 |
| Last Updated | Jan 13, 2025 |
Stay Ahead of the Next One
Get instant alerts for shop beat studio
Be the first to know when new medium vulnerabilities affecting shop beat studio are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Shop Beat / studio
studio < 3.2.57
Credits
Shop Beat thanks Emirates National Oil Company Limited (ENOC) LLC for the above discovery.