Lucene search
GoogleOSV:CVE-2023-45824HistoryMar 25, 2024 - 7:15 p.m.
CVE-2023-45824
2024-03-2519:15:57
Google
osv.dev
6
oroplatform
bap
page state
data access
vulnerability
fixed
5.1.4
php
business
application
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
AI Score
6.7
Confidence
High
EPSS
0
Percentile
9.0%
OroPlatform is a PHP Business Application Platform (BAP). A logged in user can access page state data of pinned pages of other users by pageId hash. This vulnerability is fixed in 5.1.4.
Related
nvd
nvd
CVE-2023-45824
2024-03-25 19:15:57
cvelist
cvelist
github
github
Pinned entity creation form shows wrong data
2024-03-25 19:39:21
osv
osv
Pinned entity creation form shows wrong data
2024-03-25 19:39:21
veracode
veracode
Unauthorized Access
2024-03-29 13:16:43
cve
cve
CVE-2023-45824
2024-03-25 19:15:57
vulnrichment
vulnrichment
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
AI Score
6.7
Confidence
High
EPSS
0
Percentile
9.0%
Related for OSV:CVE-2023-45824