ghsa-rh9w-mh4f-p3x9
Vulnerability from github
Published
2023-03-14 12:30
Modified
2023-03-14 12:30
Severity
Details
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). The client query handler of the affected application fails to check for proper permissions for specific write queries. This could allow an authenticated remote attacker to perform unauthorized actions.
{ "affected": [], "aliases": [ "CVE-2023-27309" ], "database_specific": { "cwe_ids": [ "CWE-862" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-03-14T10:15:00Z", "severity": "MODERATE" }, "details": "A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions \u003c V5.2). The client query handler of the affected application fails to check for proper permissions for specific write queries. This could allow an authenticated remote attacker to perform unauthorized actions.", "id": "GHSA-rh9w-mh4f-p3x9", "modified": "2023-03-14T12:30:46Z", "published": "2023-03-14T12:30:46Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27309" }, { "type": "WEB", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-260625.pdf" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "type": "CVSS_V3" } ] }
Loading...