CVE-2023-45893
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
An indirect Object Reference (IDOR) in the Order and Invoice pages in Floorsight Customer Portal Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information.
Una referencia de objeto indirecto (IDOR) en las pĆ”ginas Order y Invoice de Floorsight Customer Portal Q3 2023 permite a un atacante remoto no autenticado ver informaciĆ³n confidencial del cliente.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-10-16 CVE Reserved
- 2024-01-02 CVE Published
- 2024-01-10 EPSS Updated
- 2024-09-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-639: Authorization Bypass Through User-Controlled Key
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://github.com/Oracle-Security/CVEs/blob/main/FloorsightSoftware/CVE-2023-45893.md | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Floorsightsoftware Search vendor "Floorsightsoftware" | Customer Portal Search vendor "Floorsightsoftware" for product "Customer Portal" | <= q3_2023 Search vendor "Floorsightsoftware" for product "Customer Portal" and version " <= q3_2023" | - |
Affected
| ||||||