CVE-2023-48375

SmartStar Software CWS is a web-based integration platform, it has a vulnerability of missing authorization and users are able to access data or perform actions that they should not be allowed to perform via commands. An authenticated with normal user privilege can execute administrator privilege, resulting in performing arbitrary system operations or disrupting service.
References
Link Resource
https://www.twcert.org.tw/tw/cp-132-7594-dac20-1.html Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:csharp:cws_collaborative_development_platform:10.25:*:*:*:*:*:*:*

History

20 Dec 2023, 13:45

Type Values Removed Values Added
First Time Csharp
Csharp cws Collaborative Development Platform
CPE cpe:2.3:a:csharp:cws_collaborative_development_platform:10.25:*:*:*:*:*:*:*
CWE CWE-862
References () https://www.twcert.org.tw/tw/cp-132-7594-dac20-1.html - () https://www.twcert.org.tw/tw/cp-132-7594-dac20-1.html - Third Party Advisory

15 Dec 2023, 13:42

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-15 08:15

Updated : 2024-02-28 20:54


NVD link : CVE-2023-48375

Mitre link : CVE-2023-48375

CVE.ORG link : CVE-2023-48375


JSON object : View

Products Affected

csharp

  • cws_collaborative_development_platform
CWE
CWE-862

Missing Authorization