CVE-2023-50811

{"id": "CVE-2023-50811", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-03-19T22:15:06.840", "references": [{"url": "https://www.gruppotim.it/it/footer/red-team.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An issue discovered in SELESTA Visual Access Manager 4.38.6 allows attackers to modify the \u201ccomputer\u201d POST parameter related to the ID of a specific reception by POST HTTP request interception. Iterating that parameter, it has been possible to access to the application and take control of many other receptions in addition the assigned one."}, {"lang": "es", "value": "Un problema descubierto en SELESTA Visual Access Manager 4.38.6 permite a los atacantes modificar el par\u00e1metro POST de la \"computadora\" relacionado con el ID de una recepci\u00f3n espec\u00edfica mediante la interceptaci\u00f3n de solicitudes POST HTTP. Iterando ese par\u00e1metro se ha podido acceder a la aplicaci\u00f3n y tomar el control de muchas otras recepciones adem\u00e1s de la asignada."}], "lastModified": "2024-04-29T19:52:21.503", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:seling:visual_access_manager:4.38.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4CC951DF-0489-439E-B190-CA66648DCA5F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}