CVE-2023-6451

Sažetak

Publicly known cryptographic machine key in AlayaCare's Procura Portal before 9.0.1.2 allows attackers to forge their own authentication cookies and bypass the application's authentication mechanisms.

Reference

https://www.themissinglink.com.au/security-advisories/cve-2023-6451
https://www.themissinglink.com.au/security-advisories/cve-2023-6451

CVSS

Base:	8.6
Impact:	4.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Zadnje važnije ažuriranje

09-01-2025 - 14:56

Objavljeno

16-02-2024 - 04:15