CVE-2023-31296

Severity Score

5.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows attackers to obtain sensitive information via the User Name field.

Vulnerabilidad de inyección CSV en Sesami Cash Point & Transport Optimizer (CPTO) versión 6.3.8.6 (#718), permite a los atacantes obtener información confidencial a través del campo User Name.

*Credits: N/A

CVSS Scores

NISTv3.1 5.3

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2023-04-27 CVE Reserved
2023-12-29 CVE Published
2024-01-05 EPSS Updated
2024-08-27 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-94: Improper Control of Generation of Code ('Code Injection')
CWE-1236: Improper Neutralization of Formula Elements in a CSV File

CAPEC

References (1)

URL	Tag	Source
https://herolab.usd.de/en/security-advisories/usd-2022-0054	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Sesami Search vendor "Sesami"		Cash Point \& Transport Optimizer Search vendor "Sesami" for product "Cash Point \& Transport Optimizer"				6.3.8.6.718 Search vendor "Sesami" for product "Cash Point \& Transport Optimizer" and version "6.3.8.6.718"		-		Affected