exploitDog

CVE-2023-48375

Опубликовано: 15 дек. 2023

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

SmartStar Software CWS is a web-based integration platform, it has a vulnerability of missing authorization and users are able to access data or perform actions that they should not be allowed to perform via commands. An authenticated with normal user privilege can execute administrator privilege, resulting in performing arbitrary system operations or disrupting service.

Ссылки

https://www.twcert.org.tw/tw/cp-132-7594-dac20-1.html
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-7594-dac20-1.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:csharp:cws_collaborative_development_platform:10.25:*:*:*:*:*:*:*

EPSS

Процентиль: 36%

0.00152

Низкий

8.8 High

CVSS3

Дефекты

CWE-862

CWE-862

Связанные уязвимости

GHSA-3qwj-cx3m-c3pj

CVSS3: 8.8

github

около 2 лет назад

SmartStar Software CWS is a web-based integration platform, it has a vulnerability of missing authorization and users are able to access data or perform actions that they should not be allowed to perform via commands. An authenticated with normal user privilege can execute administrator privilege, resulting in performing arbitrary system operations or disrupting service.

EPSS

Процентиль: 36%

0.00152

Низкий

8.8 High

CVSS3

Дефекты

CWE-862

CWE-862