CVE-2023-40511

EPSS 0.18%
Veröffentlicht 03.05.2024 03:15:26
Zuletzt bearbeitet 10.04.2025 14:34:37
Quelle zdi-disclosures@trendmicro.com
Teams Watchlist Login
Unerledigt Login

LG Simple Editor checkServer Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the checkServer method. The issue results from the exposure of plaintext credentials. An attacker can leverage this vulnerability to bypass authentication on the system.
. Was ZDI-CAN-20013.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Lg ≫ Simple Editor Version3.21.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.18%	0.397

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
zdi-disclosures@trendmicro.com	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

https://www.zerodayinitiative.com/advisories/ZDI-23-1215/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-40511

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-40511

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-40511

EUVD