Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to an insecure direct object reference vulnerability that could allow an unauthenticated user to view profile information, including user login names and encrypted passwords.
References
Link | Resource |
---|---|
https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-03 | Third Party Advisory US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: icscert
Published: 2023-07-18T17:17:29.939Z
Updated: 2023-07-18T17:17:29.939Z
Reserved: 2023-07-13T17:28:15.854Z
Link: CVE-2023-38257
JSON object: View
NVD Information
Status : Modified
Published: 2023-07-18T18:15:12.620
Modified: 2023-11-07T04:17:14.100
Link: CVE-2023-38257
JSON object: View
Redhat Information
No data.
CWE
No CWE.