CVE-2023-48392

EPSS 0.52%
Veröffentlicht 15.12.2023 10:15:07
Zuletzt bearbeitet 21.11.2024 08:31:37
Quelle twcert@cert.org.tw
CVE-Watchlists
Login
Unerledigt
Login

Kaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard-coded encryption key. An unauthenticated remote attacker can generate valid token parameter and exploit this vulnerability to access system with arbitrary user account, including administrator’s account, to execute login account’s permissions, and obtain relevant information.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Kaifa ≫ Webitr Attendance System Version2.1.0.23

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.52%	0.657

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
twcert@cert.org.tw	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-321 Use of Hard-coded Cryptographic Key

The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://www.twcert.org.tw/tw/cp-132-7622-57e5f-1.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-48392

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-48392

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-48392

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-48392