漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Deloitte AI Assist for Customer unauthenticated configuration write
Vulnerability Description
Deloitte AI Assist for Customer accepted unauthenticated POST requests through public-facing API endpoints that allowed a remote attacker to make limited additions to the configuration. These additions were not used by the system. On 2026-03-25, AI Assist for Customer restricted network access and enforced authentication for the previously exposed endpoints.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
关键功能的认证机制缺失
Vulnerability Title
Deloitte AI Assist for Customer 授权问题漏洞
Vulnerability Description
Deloitte AI Assist for Customer是Deloitte公司的一款面向客户的人工智能辅助应用程序。 Deloitte AI Assist for Customer存在授权问题漏洞,该漏洞源于接受未经身份验证的POST请求,允许远程攻击者对配置进行有限添加。
CVSS Information
N/A
Vulnerability Type
N/A