An issue discovered in SELESTA Visual Access Manager 4.38.6 allows attackers to modify the “computer” POST parameter related to the ID of a specific reception by POST HTTP request interception. Iterating that parameter, it has been possible to access to the application and take control of many other receptions in addition the assigned one.
References
Link | Resource |
---|---|
https://www.gruppotim.it/it/footer/red-team.html | Third Party Advisory |
Configurations
History
28 Oct 2024, 19:35
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
CWE | CWE-863 CWE-444 |
29 Apr 2024, 19:52
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.gruppotim.it/it/footer/red-team.html - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
CPE | cpe:2.3:a:seling:visual_access_manager:4.38.6:*:*:*:*:*:*:* | |
First Time |
Seling
Seling visual Access Manager |
|
CWE | NVD-CWE-noinfo |
20 Mar 2024, 13:00
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-03-19 22:15
Updated : 2024-10-28 19:35
NVD link : CVE-2023-50811
Mitre link : CVE-2023-50811
CVE.ORG link : CVE-2023-50811
JSON object : View
Products Affected
seling
- visual_access_manager
CWE
NVD-CWE-noinfo
CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CWE-863Incorrect Authorization