Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2023-2904
HistoryJun 07, 2023 - 10:15 p.m.

Race condition

2023-06-0722:15:00
PRIOn knowledge base
www.prio-n.com
4
api manipulation
account credentials
visitor id
personal data access
denial-of-service

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.8%

JSON

The External Visitor Manager portal of HID’s SAFE versions 5.8.0 through 5.11.3 are vulnerable to manipulation within web fields in the application programmable interface (API). An attacker could log in using account credentials available through a request generated by an internal user and then manipulate the visitor-id within the web API to access the personal data of other users. There is no limit on the number of requests that can be made to the HID SAFE Web Server, so an attacker could also exploit this vulnerability to create a denial-of-service condition.

CPENameOperatorVersion
safege5.8.0
safele5.11.3

Related

cve 1
nvd 1
ics 1
cvelist 1
cve
cve
CVE-2023-2904
2023-06-07 22:15:09
nvd
nvd
CVE-2023-2904
2023-06-07 22:15:09
ics
ics
HID Global SAFE
2023-06-01 12:00:00
cvelist
cvelist
CVE-2023-2904 CVE-2023-2904
2023-06-07 21:59:24

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.8%

JSON
Related for PRION:CVE-2023-2904
cve1nvd1ics1cvelist1