PT-2023-25053 · Topdesk · Topdesk
Char49 · Published 2023-06-22 · Updated 2023-06-30 · CVE-2023-34923
CVSS v3.1 8.1 High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
TOPdesk version 12.10.12
Description
An attacker who holds valid credentials for the Identity Provider can impersonate any TOPdesk user by manipulating the SAML Response. The cause is XML Signature Wrapping (XSW) in the SAML-based Single Sign-On feature: the signed assertion and the assertion TOPdesk actually consumes are not bound to each other, so an unsigned assertion for a different user can be placed where the application reads it.
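The check below is an added example and is not Char49's or TOPdesk's code. Using only the Python standard library, it binds the assertion a service provider consumes (assumed here to be the first Assertion child of the Response) to the signature's Reference URI, and rejects documents with spare assertions or duplicate IDs, which is the structural pattern XSW relies on. Two constructed SAML responses serve as fixtures; the IdP URL, element IDs, digest and signature values, and NameIDs are placeholders. Cryptographic verification of the signature is a separate, required step that this code does not perform.

```python
"""Structural XML Signature Wrapping (XSW) check for SAML 2.0 Responses.

Constructed example. It does NOT verify the signature cryptographically;
it checks that the assertion the service provider will consume is the same
subtree the signature's Reference points at.
"""
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


def check_response(xml_text: str):
    """Return (ok, reason, name_id).

    ok is True only when the single Assertion in the document is a direct
    child of the Response, carries an enveloped Signature, and that
    Signature's one Reference URI equals '#' + the Assertion's own ID.
    """
    root = ET.fromstring(xml_text)

    # 1. Exactly one Assertion anywhere in the document; wrapping adds a second.
    assertions = list(root.iter(f"{{{NS['saml']}}}Assertion"))
    if len(assertions) != 1:
        return False, f"expected 1 Assertion, found {len(assertions)}", None
    assertion = assertions[0]

    # 2. It must sit where the service provider reads it: directly under Response.
    if assertion not in list(root):
        return False, "Assertion is not a direct child of Response", None

    # 3. ID attributes must be unique; a duplicated ID lets a by-ID lookup
    #    resolve the Reference to a different subtree than the one consumed.
    ids = [el.get("ID") for el in root.iter() if el.get("ID") is not None]
    if len(ids) != len(set(ids)):
        return False, "duplicate ID attributes", None
    assertion_id = assertion.get("ID")
    if not assertion_id:
        return False, "Assertion has no ID", None

    # 4. The enveloped Signature must be a direct child of that Assertion ...
    sig = assertion.find("ds:Signature", NS)
    if sig is None:
        return False, "consumed Assertion carries no enveloped Signature", None

    # 5. ... and its single Reference must point at that Assertion's ID.
    refs = sig.findall("ds:SignedInfo/ds:Reference", NS)
    if len(refs) != 1:
        return False, f"expected 1 Reference, found {len(refs)}", None
    uri = refs[0].get("URI", "")
    if uri != f"#{assertion_id}":
        return False, f"Reference URI {uri!r} does not bind Assertion {assertion_id!r}", None

    name_id = assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)
    return True, "structure ok (cryptographic verification still required)", name_id


# Constructed fixture: a correctly signed assertion for the user "alice".
LEGIT = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>https://idp.example.test</saml:Issuer>
    <ds:Signature>
      <ds:SignedInfo>
        <ds:Reference URI="#_a1"><ds:DigestValue>DIGEST-PLACEHOLDER</ds:DigestValue></ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue>SIG-PLACEHOLDER</ds:SignatureValue>
    </ds:Signature>
    <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

# Constructed fixture showing the wrapping pattern: the signed assertion is
# moved out of the way and an unsigned assertion for "admin" occupies the
# position the service provider reads. A verifier that resolves "#_a1" by
# ID still finds a valid signature; the check above rejects the document.
WRAPPED = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_r1" Version="2.0">
  <samlp:Extensions>
    <saml:Assertion ID="_a1" Version="2.0">
      <saml:Issuer>https://idp.example.test</saml:Issuer>
      <ds:Signature>
        <ds:SignedInfo>
          <ds:Reference URI="#_a1"><ds:DigestValue>DIGEST-PLACEHOLDER</ds:DigestValue></ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>SIG-PLACEHOLDER</ds:SignatureValue>
      </ds:Signature>
      <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
    </saml:Assertion>
  </samlp:Extensions>
  <saml:Assertion ID="_a2" Version="2.0">
    <saml:Issuer>https://idp.example.test</saml:Issuer>
    <saml:Subject><saml:NameID>admin</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""


if __name__ == "__main__":
    for label, doc in (("legit", LEGIT), ("wrapped", WRAPPED)):
        print(label, check_response(doc))
```

The design point is that the consumer and the verifier must agree on one subtree: the code derives the assertion from the position the application reads, then demands that the signature reference that exact element by ID, rather than letting a by-ID lookup or an XPath select the signed element independently. In a real deployment this runs alongside, not instead of, signature verification against the IdP's configured certificate.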
Recommendations
At the time of writing there is no information about a TOPdesk release newer than 12.10.12 that fixes this vulnerability.
Exploit
Incorrect Authorization
Weakness Enumeration
Related identifiers
Affected products
Topdesk