Lucene search
TMLCVE-2023-26575HistoryOct 25, 2023 - 6:17 p.m.
CVE-2023-26575
2023-10-2518:17:25
CWE-306
TML
web.nvd.nist.gov
19
cve-2023-26575
missing authentication
searchstudentsstaff
idattend
idweb
data extraction
sensitive data
unauthenticated attackers
nvd
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
7.7
Confidence
High
EPSS
0.001
Percentile
42.1%
Missing authentication in the SearchStudentsStaff method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student and teacher data by unauthenticated attackers.
Affected configurations
Node
idattendidwebRange≤3.1.052
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "IDWeb",
"vendor": "IDAttend Pty Ltd",
"versions": [
{
"lessThanOrEqual": "3.1.052",
"status": "affected",
"version": "0",
"versionType": "major"
}
]
}
]Related
nvd
nvd
CVE-2023-26575
2023-10-25 18:17:25
cvelist
cvelist
CVE-2023-26575 Missing Authentication In IDAttend’s IDWeb Application
2023-10-25 09:37:36
prion
prion
Authentication flaw
2023-10-25 18:17:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
7.7
Confidence
High
EPSS
0.001
Percentile
42.1%
Related for CVE-2023-26575