SmartStar Software CWS is a web-based integration platform, it has a vulnerability of missing authorization and users are able to access data or perform actions that they should not be allowed to perform via commands. An authenticated with normal user privilege can execute administrator privilege, resulting in performing arbitrary system operations or disrupting service.
References
Link | Resource |
---|---|
https://www.twcert.org.tw/tw/cp-132-7594-dac20-1.html | Third Party Advisory |
Configurations
History
20 Dec 2023, 13:45
Type | Values Removed | Values Added |
---|---|---|
First Time |
Csharp
Csharp cws Collaborative Development Platform |
|
CPE | cpe:2.3:a:csharp:cws_collaborative_development_platform:10.25:*:*:*:*:*:*:* | |
CWE | CWE-862 | |
References | () https://www.twcert.org.tw/tw/cp-132-7594-dac20-1.html - Third Party Advisory |
15 Dec 2023, 13:42
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-15 08:15
Updated : 2024-02-28 20:54
NVD link : CVE-2023-48375
Mitre link : CVE-2023-48375
CVE.ORG link : CVE-2023-48375
JSON object : View
Products Affected
csharp
- cws_collaborative_development_platform
CWE
CWE-862
Missing Authorization