3 matches found
CVE-2023-47323
The notification/messaging feature of Silverpeas Core 6.3.1 does not enforce access control on the ID parameter. This allows an attacker to read all messages sent between other users; including those sent only to administrators...
CVE-2023-47323
The notification/messaging feature of Silverpeas Core 6.3.1 does not enforce access control on the ID parameter. This allows an attacker to read all messages sent between other users; including those sent only to administrators...
CVE-2023-47323
CVE-2023-47323 affects Silverpeas Core 6.3.1: the notification/messaging API does not enforce access control on the ID parameter, enabling an attacker to read messages exchanged between users, including messages addressed to administrators. This is a confidentiality risk (C, HIGH impact) with CVS...