← back
CVE-2023-38257

CVE-2023-38257

CVSS 7.5 HIGHEPSS 0.6%
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.5EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
18 Jul 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to an insecure direct object reference vulnerability that could allow an unauthenticated user to view profile information, including user login names and encrypted passwords.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
iagona · ScrutisWeb

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →