6 matches found
CVE-2023-2885
CVE-2023-2885 affects CBOT Chatbot: improper enforcement of message integrity during transmission in a non-endpoint channel, enabling adversary-in-the-middle (AiTM) attacks. Affected: Core before v4.0.3.4 and Panel before v4.0.3.7. Exploitation status not stated in the provided docs. Remediation:...
CVE-2023-2886
The CVE-2023-2886 entry concerns CBOT Chatbot core software and its WebSockets origin validation. Affected: CBOT Chatbot Core prior to v4.0.3.4 and Panel prior to v4.0.3.7. Root cause: Missing Origin Validation in WebSockets, enabling content spoofing via application API manipulation. Impact:...
CVE-2023-2882
CVE-2023-2882 affects CBOT Chatbot Core before v4.0.3.4 and Panel before v4.0.3.7. The issue is the generation of incorrect security tokens, which allows token impersonation and privilege abuse (privilege escalation). Affected components: Core token generation and Panel handling. Reported impact ...
CVE-2023-2887
Summary: CVE-2023-2887 is an authentication bypass by spoofing affecting CBOT Chatbot Core prior to v4.0.3.4 and Panel prior to v4.0.3.7. The vulnerability allows unauthorized access by spoofing authentication. The NVD/related records assign a high impact with CVSS v3.1 scores of 9.8 (NETWORK, HI...
CVE-2023-2883
The CVE-2023-2883 issue affects CBOT Chatbot Core prior to v4.0.3.4 and Panel prior to v4.0.3.7, described as an Authorization Bypass through a User-Controlled Key that enables Authentication Abuse. The vulnerability is documented across sources (NVD entry and CVE records) with a CVSS v3.1 base s...
CVE-2023-2884
CVE-2023-2884 concerns CBOT Chatbot’s cryptographically weak PRNG and insufficiently random values, enabling signature spoofing by key recreation. Public details indicate affected components: Core prior to v4.0.3.4 and Panel prior to v4.0.3.7. The vulnerability resides in the randomness used for ...