CVE-2023-40510

EPSS 0.18%
Published 03.05.2024 03:15:26
Last modified 10.04.2025 14:37:53
Source zdi-disclosures@trendmicro.com
Teams watchlist Login
Open Login

LG Simple Editor getServerSetting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the getServerSetting method. The issue results from the exposure of plaintext credentials. An attacker can leverage this vulnerability to bypass authentication on the system.
. Was ZDI-CAN-20012.

Affected products Warnungen 0 Metrics 3 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Lg ≫ Simple Editor Version3.21.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.18%	0.397

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
zdi-disclosures@trendmicro.com	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

https://www.zerodayinitiative.com/advisories/ZDI-23-1214/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-40510

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-40510

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-40510

EUVD