CVE-2023-1462 - OpenCVE

Authorization Bypass Through User-Controlled Key vulnerability in Vadi Corporate Information Systems DigiKent allows Authentication Bypass, Authentication Abuse. This issue affects DigiKent: before 23.03.20.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Vadi	Digikent

Configuration 1 [-]

cpe:2.3:a:vadi:digikent:*:*:*:*:*:*:*:*

References

Link	Resource
https://www.usom.gov.tr/bildirim/tr-23-0161	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: TR-CERT

Published: 2023-03-21T08:16:26.952Z

Updated: 2023-03-26T19:53:24.845Z

Reserved: 2023-03-17T07:54:13.559Z

Link: CVE-2023-1462

JSON object: View

NVD Information

Status : Modified

Published: 2023-03-21T09:15:10.497

Modified: 2023-11-07T04:03:45.510

Link: CVE-2023-1462

JSON object: View

Redhat Information

No data.

CWE

CWE-639

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-1462", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2023-03-17T07:54:13.559Z", "datePublished": "2023-03-21T08:16:26.952Z", "dateUpdated": "2023-03-26T19:53:24.845Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "DigiKent", "vendor": "Vadi Corporate Information Systems", "versions": [{"lessThan": "23.03.20", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Mustafa Anil YILDIRIM"}], "datePublic": "2023-03-21T08:10:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Authorization Bypass Through User-Controlled Key vulnerability in Vadi Corporate Information Systems DigiKent allows Authentication Bypass, Authentication Abuse. <span style=\"background-color: var(--wht);\">This issue affects DigiKent: before 23.03.20.</span>"}], "value": "Authorization Bypass Through User-Controlled Key vulnerability in Vadi Corporate Information Systems DigiKent allows Authentication Bypass, Authentication Abuse.\u00a0This issue affects DigiKent: before 23.03.20."}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}, {"capecId": "CAPEC-114", "descriptions": [{"lang": "en", "value": "CAPEC-114 Authentication Abuse"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-639", "description": "CWE-639 Authorization Bypass Through User-Controlled Key", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2023-03-26T19:53:24.845Z"}, "references": [{"tags": ["government-resource"], "url": "https://www.usom.gov.tr/bildirim/tr-23-0161"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update the version to >=23.03.20"}], "value": "Update the version to >=23.03.20"}], "source": {"advisory": "TR-23-0161", "defect": ["TR-23-0161"], "discovery": "EXTERNAL"}, "title": "IDOR in Digikent", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}