Lucene search

[email protected]CVE-2023-50811

HistoryMar 19, 2024 - 10:15 p.m.

CVE-2023-50811

2024-03-1922:15:06

[email protected]

web.nvd.nist.gov

cve-2023-50811

selesta visual access manager

security issue

post parameter

http request interception

application security

reception control

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

6.9 Medium

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

16.2%

JSON

An issue discovered in SELESTA Visual Access Manager 4.38.6 allows attackers to modify the “computer” POST parameter related to the ID of a specific reception by POST HTTP request interception. Iterating that parameter, it has been possible to access to the application and take control of many other receptions in addition the assigned one.

Affected configurations

NVD

Node

selingvisual_access_managerMatch4.38.6

CPENameOperatorVersion
seling:visual_access_managerseling visual access managereq4.38.6

CPE	Name	Operator	Version
seling:visual_access_manager	seling visual access manager	eq	4.38.6

References

www.gruppotim.it/it/footer/red-team.html

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

6.9 Medium

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

16.2%

JSON

Related for CVE-2023-50811

cvelist1 nvd1