CVE-2023-45598
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A CWE-862 “Missing Authorization” vulnerability in the “measure” functionality of the web application allows a remote unauthenticated attacker to access confidential measure information. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.
Una vulnerabilidad CWE-862 de “autorización faltante” en la funcionalidad de “medición” de la aplicación web permite que un atacante remoto no autenticado acceda a información confidencial de medidas. Este problema afecta: Paquete AiLux imx6 inferior a la versión imx6_1.0.7-2.
A CWE-425 “Direct Request ('Forced Browsing')” vulnerability in the “measure” functionality of the web application allows a remote unauthenticated attacker to access confidential measure information. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2023-10-09 CVE Reserved
- 2024-03-05 CVE Published
- 2024-03-06 EPSS Updated
- 2024-10-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-425: Direct Request ('Forced Browsing')
- CWE-862: Missing Authorization
CAPEC
- CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
References (1)
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
AiLux Search vendor "AiLux" | Imx6 Bundle Search vendor "AiLux" for product "Imx6 Bundle" | < 1.0.7-2 Search vendor "AiLux" for product "Imx6 Bundle" and version " < 1.0.7-2" | en |
Affected
|