Lucene search
TMLCVE-2023-27256HistoryOct 25, 2023 - 6:17 p.m.
CVE-2023-27256
2023-10-2518:17:26
CWE-306
TML
web.nvd.nist.gov
18
cve-2023-27256
authentication
getlogfiles
idattend
idweb
nvd
security vulnerability
CVSS3
5.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
AI Score
5.5
Confidence
High
EPSS
0.001
Percentile
24.2%
Missing authentication in the GetLogFiles method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of sensitive log files by unauthenticated attackers.
Affected configurations
Node
idattendidwebRange≤3.1.052
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "IDWeb",
"vendor": "IDAttend Pty Ltd",
"versions": [
{
"lessThanOrEqual": "3.1.052",
"status": "affected",
"version": "0",
"versionType": "major"
}
]
}
]Related
nvd
nvd
CVE-2023-27256
2023-10-25 18:17:26
cvelist
cvelist
CVE-2023-27256 Missing Authentication In IDAttend’s IDWeb Application
2023-10-25 10:13:40
prion
prion
Authentication flaw
2023-10-25 18:17:00
vulnrichment
vulnrichment
CVE-2023-27256 Missing Authentication In IDAttend’s IDWeb Application
2023-10-25 10:13:40
CVSS3
5.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
AI Score
5.5
Confidence
High
EPSS
0.001
Percentile
24.2%
Related for CVE-2023-27256