HIGH🇬🇧 English

CVE-2023-39446

CVSS 8.9v3.1pub. 2023-09-18upd. 2024-11-21

Thanks to the weaknesses that the web application has at the user management level, an attacker could obtain the information from the headers that is necessary to create specially designed URLs and originate malicious actions when a legitimate user is logged into the web application.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H
  • Socomec Modulys Gp

    HW
    Socomec
    wszystkie wersje
  • Socomec Modulys Gp Firmware

    OS
    Socomec
    01.12.10
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2023-41084CRITICAL10.0ten sam produkt

Session management within the web application is incorrect and allows attackers to steal session co...

CVE-2023-39452HIGH7.5ten sam produkt

The web application that owns the device clearly stores the credentials within the user managem...

CVE-2023-40221HIGH8.8ten sam produkt

The absence of filters when loading some sections in the web application of the vulnerable device...

CVE-2023-41965HIGH7.5ten sam produkt

Sending some requests in the web application of the vulnerable device allows information to be obtained due to...

CVE-2023-38255MEDIUM6.5ten sam produkt

A potential attacker with or without (cookie theft) access to the device would be able to inc...

CVE-2023-39446 — HIGH 8.9 | CVEbaza.pl