← voltar
CVE-2023-0967

CVE-2023-0967

CVSS 6.5 MEDIUMEPSS 0.7%CWE-639
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 6.5EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
05 abr 2023Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Bhima version 1.27.0 allows an attacker authenticated with normal user permissions to view sensitive data of other application users and data that should only be viewed by the administrator. This is possible because the application is vulnerable to IDOR, it does not properly validate user permissions with respect to certain actions the user can perform.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Produtos afetados
n/a · Bhima

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://fluidattacks.com/advisories/ingrosso/https://github.com/IMA-WorldHealth/bhima/