CVE-2023-48375

SmartStar Software CWS Web-Base - Broken Access Control

CVSS 8.8 HIGHEPSS 0.7%CWE-862

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 8.8EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

15 dic 2023Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

SmartStar Software CWS is a web-based integration platform, it has a vulnerability of missing authorization and users are able to access data or perform actions that they should not be allowed to perform via commands. An authenticated with normal user privilege can execute administrator privilege, resulting in performing arbitrary system operations or disrupting service.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Productos afectados

SmartStar Software · CWS Web-Base

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.twcert.org.tw/tw/cp-132-7594-dac20-1.html