CVE-2023-49233

{"id": "CVE-2023-49233", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-09-03T17:15:14.400", "references": [{"url": "https://www.schutzwerk.com/blog/schutzwerk-sa-2023-005/", "source": "cve@mitre.org"}, {"url": "https://www.visual-planning.com/en/support-portal/updates", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "Insufficient access checks in Visual Planning Admin Center 8 before v.1 Build 240207 allow attackers in possession of a non-administrative Visual Planning account to utilize functions normally reserved for administrators. The affected functions allow attackers to obtain different types of configured credentials and potentially elevate their privileges to administrator level."}, {"lang": "es", "value": "Los controles de acceso insuficientes en Visual Planning Admin Center 8 antes de la versi\u00f3n 1, compilaci\u00f3n 240207 permiten que los atacantes que poseen una cuenta de Visual Planning no administrativa utilicen funciones que normalmente est\u00e1n reservadas para los administradores. Las funciones afectadas permiten a los atacantes obtener distintos tipos de credenciales configuradas y potencialmente elevar sus privilegios al nivel de administrador."}], "lastModified": "2024-10-24T20:35:03.457", "sourceIdentifier": "cve@mitre.org"}