exploitDog

CVE-2023-45893

Опубликовано: 02 янв. 2024

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

An indirect Object Reference (IDOR) in the Order and Invoice pages in Floorsight Customer Portal Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information.

Ссылки

https://github.com/Oracle-Security/CVEs/blob/main/FloorsightSoftware/CVE-2023-45893.md
Third Party Advisory
https://github.com/Oracle-Security/CVEs/blob/main/FloorsightSoftware/CVE-2023-45893.md
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:floorsightsoftware:customer_portal:*:*:*:*:*:*:*:*

Версия до q3_2023 (включая)

EPSS

Процентиль: 77%

0.01006

Низкий

7.5 High

CVSS3

Дефекты

CWE-639

CWE-639

Связанные уязвимости

GHSA-5rfq-95qv-rxwp

CVSS3: 7.5

github

около 2 лет назад

An indirect Object Reference (IDOR) in the Order and Invoice pages in Floorsight Customer Portal Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information.

EPSS

Процентиль: 77%

0.01006

Низкий

7.5 High

CVSS3

Дефекты

CWE-639

CWE-639