Lucene search
HistoryOct 25, 2023 - 6:17 p.m.
CVE-2023-27257
cve-2023-27257
idattend
idweb
information security
authentication
vulnerability
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.6 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
39.9%
Missing authentication in the GetActiveToiletPasses method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student information by unauthenticated attackers.
Affected configurations
Node
idattendidwebRange≤3.1.052
| CPE | Name | Operator | Version |
|---|---|---|---|
| idattend:idweb | idattend idweb | le | 3.1.052 |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "IDWeb",
"vendor": "IDAttend Pty Ltd",
"versions": [
{
"lessThanOrEqual": "3.1.052",
"status": "affected",
"version": "0",
"versionType": "major"
}
]
}
]Related
cvelist
cvelist
CVE-2023-27257 Missing Authentication In IDAttend’s IDWeb Application
2023-10-25 10:15:17
prion
prion
Authentication flaw
2023-10-25 18:17:00
nvd
nvd
CVE-2023-27257
2023-10-25 18:17:26
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.6 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
39.9%
Related for CVE-2023-27257