exploitDog

CVE-2023-24625

Опубликовано: 24 мар. 2023

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

Faveo 5.0.1 allows remote attackers to obtain sensitive information via a modified user ID in an Insecure Direct Object Reference (IDOR) attack.

Ссылки

https://cupc4k3.lol/cve-2023-24625-idor-in-faveo-service-desk-37a63f53d896
Exploit
Third Party Advisory
https://medium.com/%40cupc4k3/vulnerabilities-in-faveo-service-desk-37a63f53d896
https://www.faveohelpdesk.com/servicedesk/
Product
https://cupc4k3.lol/cve-2023-24625-idor-in-faveo-service-desk-37a63f53d896
Exploit
Third Party Advisory
https://medium.com/%40cupc4k3/vulnerabilities-in-faveo-service-desk-37a63f53d896
https://www.faveohelpdesk.com/servicedesk/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ladybirdweb:faveo_servicedesk:5.0.1:*:*:*:*:*:*:*

EPSS

Процентиль: 25%

0.00084

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-639

CWE-639

Связанные уязвимости

GHSA-99fr-5jwf-5mf5

CVSS3: 6.5

github

почти 3 года назад

Faveo 5.0.1 allows remote attackers to obtain sensitive information via a modified user ID in an Insecure Direct Object Reference (IDOR) attack.

EPSS

Процентиль: 25%

0.00084

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-639

CWE-639