PT-2023-32512 · Unknown · Ics Business Manager

Andrés Elizalde Galdeano +1 · Published 2023-11-13 · Updated 2023-11-17 · CVE-2023-6098

CVSS v3.1: 6.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions: ICS Business Manager version 7.06.0028.7066

Description: A security issue has been identified, allowing a remote attacker to send a specially crafted string, exploiting the obdd act parameter. This could enable the attacker to steal an authenticated user's session and perform actions within the application.

Recommendations: For ICS Business Manager version 7.06.0028.7066, consider restricting access to the obdd act parameter until a patch is available. As a temporary workaround, avoid using the obdd act parameter in sensitive operations to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2023-6098

Affected Products

Ics Business Manager