Lucene search
06fe5fd2bc53027c4a3b7e395af0b850e7b8a044ZDI-23-1399HistorySep 08, 2023 - 12:00 a.m.
Visualware MyConnection Server doRTAAccessCTConfig Cross-Site Scripting Authentication Bypass Vulnerability
2023-09-0800:00:00
06fe5fd2bc53027c4a3b7e395af0b850e7b8a044
www.zerodayinitiative.com
9
visualware myconnection server
authentication bypass
dortaaccessctconfig
remote attackers
user interaction
validation
user-supplied data
arbitrary script
injection
EPSS
0.001
Percentile
16.2%
This vulnerability allows remote attackers to bypass authentication on affected installations of Visualware MyConnection Server. Minimal user interaction is required to exploit this vulnerability. The specific flaw exists within the doRTAAccessCTConfig method. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to bypass authentication on the system.
Related
nvd
nvd
CVE-2023-42034
2024-05-03 03:15:36
cvelist
cvelist
vulnrichment
vulnrichment
cve
cve
CVE-2023-42034
2024-05-03 03:15:36
openvas
openvas
MyConnection Server 11.3c < 11.3d Multiple Vulnerabilities
2024-05-11 00:00:00