CVE-2022-36249

CVE-2022-36249: Shop Beat Services Vulnerable To Bypass 2FA via APIs

Vendor Shop Beat
Product studio
Weakness CWE-288
Published May 30, 2023
Last update January 13, 2025

CVSS base score

What the vulnerability does

01Description

Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Bypass 2FA via APIs. For Controlpanel Lite. "After login we are directly able to use the bearer token or jsession ID to access the apis instead of entering the 2FA code. Thus, leading to bypass of 2FA on API level.

Key dates

02Disclosure timeline

May 30, 2023 CVE published
January 13, 2025 Record updated

Related vulnerabilities

04Related CVE