CVE-2023-43900

Name of the Vulnerable Software and Affected Versions EMSigner version 2.8.7

Description The issue allows attackers to gain unauthorized access to application content and view sensitive data of other users via manipulation of the documentID and EncryptedDocumentId parameters. This is due to Insecure Direct Object References (IDOR) in the application.

Recommendations For EMSigner version 2.8.7, consider restricting access to the documentID and EncryptedDocumentId parameters to minimize the risk of exploitation. As a temporary workaround, avoid using these parameters in sensitive operations until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.