CVE-2023-43900

{"id": "CVE-2023-43900", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2023-11-14T05:15:08.700", "references": [{"url": "https://secpro.llc/emsigner-cve-3/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-639"}]}], "descriptions": [{"lang": "en", "value": "Insecure Direct Object References (IDOR) in EMSigner v2.8.7 allow attackers to gain unauthorized access to application content and view sensitive data of other users via manipulation of the documentID and EncryptedDocumentId parameters."}, {"lang": "es", "value": "Insecure Direct Object References (IDOR) en EMSigner v2.8.7 permiten a los atacantes obtener acceso no autorizado al contenido de la aplicaci\u00f3n y ver datos confidenciales de otros usuarios mediante la manipulaci\u00f3n de los par\u00e1metros documentID y EncryptedDocumentId."}], "lastModified": "2023-11-17T19:36:27.767", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:emsigner:emsigner:2.8.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9679E6A5-A376-4D47-A0D8-4F8A4C11694E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}