CVE-2023-33368

Some API routes exists in Control ID IDSecure 4.7.26.0 and prior, exfiltrating sensitive information and passwords to users accessing these API routes.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
VendorProductVersion
assaabloycontrol_id_idsecure
𝑥
≤ 4.7.26.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://claroty.com/team82/disclosure-dashboard/cve-2023-33368
https://www.controlid.com.br/en/access-control/idsecure/
https://claroty.com/team82/disclosure-dashboard/cve-2023-33368
https://www.controlid.com.br/en/access-control/idsecure/