PT-2023-14300 · Gx · Xperiencentral
Published: 2023-07-26 · Updated: 2023-08-04 · CVE-2022-43712
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
GX Software XperienCentral versions 10.36.0 and earlier
Description
The issue allows unauthorized users to post data to the server by sending POST requests to the /web/mvc endpoint if they can bypass other security filters.
Recommendations
For GX Software XperienCentral versions 10.36.0 and earlier, consider blocking unauthorized POST requests to the /web/mvc endpoint to prevent unauthorized data from being posted to the server. As a temporary workaround, restrict access to this endpoint for unauthenticated users until a fix is available.
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Xperiencentral