exploitDog

CVE-2023-6483

Опубликовано: 18 дек. 2023

Источник: nvd

CVSS3: 9.1

CVSS3: 9.8

EPSS Низкий

Описание

The vulnerability exists in ADiTaaS (Allied Digital Integrated Tool-as-a-Service) version 5.1 due to an improper authentication vulnerability in the ADiTaaS backend API. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable platform.

Successful exploitation of this vulnerability could allow the attacker to gain full access to the customers’ data and completely compromise the targeted platform.

Ссылки

https://cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0365
Third Party Advisory
https://cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0365
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:aditaas:allied_digital_integrated_tool-as-a-service:5.1:*:*:*:*:*:*:*

EPSS

Процентиль: 34%

0.00136

Низкий

9.1 Critical

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-287

CWE-287

EPSS

Процентиль: 34%

0.00136

Низкий

9.1 Critical

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-287

CWE-287