CVE-2023-4997

EPSS 0.54%
Veröffentlicht 04.10.2023 11:15:10
Zuletzt bearbeitet 03.03.2025 17:15:11
Quelle cvd@cert.pl
CVE-Watchlists
Login
Unerledigt
Login

Improper authorisation in Uptime DC

Improper authorisation of regular users in ProIntegra Uptime DC software (versions below 2.0.0.33940) allows them to change passwords of all other users including administrators leading to a privilege escalation.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Prointegra ≫ Uptimedc Version < 2.0.0.33940

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.54%	0.413

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvd@cert.pl	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://cert.pl/en/posts/2023/10/CVE-2023-4997/

Third Party Advisory

https://cert.pl/posts/2023/10/CVE-2023-4997/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-4997

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-4997

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-4997

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-4997