Lucene search

TR-CERTCVELIST:CVE-2023-1462

HistoryMar 21, 2023 - 8:16 a.m.

CVE-2023-1462 IDOR in Digikent

2023-03-2108:16:26

CWE-639

TR-CERT

www.cve.org

cve-2023-1462

authorization bypass

user-controlled key

vadi corporate information systems

digikent

authentication abuse

security vulnerability

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

40.2%

JSON

Authorization Bypass Through User-Controlled Key vulnerability in Vadi Corporate Information Systems DigiKent allows Authentication Bypass, Authentication Abuse. This issue affects DigiKent: before 23.03.20.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "DigiKent",
    "vendor": "Vadi Corporate Information Systems",
    "versions": [
      {
        "lessThan": "23.03.20",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.usom.gov.tr/bildirim/tr-23-0161

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

40.2%

JSON

Related for CVELIST:CVE-2023-1462