CVE-2023-2904

EPSS 0.16%
Veröffentlicht 07.06.2023 22:15:09
Zuletzt bearbeitet 06.01.2025 21:15:09
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

The External Visitor Manager portal of HID’s SAFE versions 5.8.0 through 5.11.3 are vulnerable to manipulation within web fields in the application programmable interface (API). An attacker could log in using account credentials available through a request generated by an internal user and then manipulate the visitor-id within the web API to access the personal data of other users. There is no limit on the number of requests that can be made to the HID SAFE Web Server, so an attacker could also exploit this vulnerability to create a denial-of-service condition.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hidglobal ≫ Safe Version >= 5.8.0 <= 5.11.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.16%	0.363

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.3	2.1	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.3	2.1	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H

CWE-471 Modification of Assumed-Immutable Data (MAID)

The product does not properly protect an assumed-immutable element from being modified by an attacker.

https://www.cisa.gov/news-events/ics-advisories/icsa-23-152-02

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2023-2904

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-2904

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-2904

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-2904