CVE-2023-27377

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions IDWeb application versions 3.1.052 and earlier

Description The issue is related to missing authentication in the StudentPopupDetails EmergencyContactDetails method, allowing unauthenticated attackers to extract sensitive student data.

Recommendations For versions 3.1.052 and earlier, consider disabling the StudentPopupDetails EmergencyContactDetails method until a patch is available to prevent exploitation.

Fix

Missing Authentication

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306CWE-287

Related Identifiers

CVE-2023-27377

Affected Products

Idweb

CVE-2023-27377

Weakness Enumeration

Related Identifiers

Affected Products

References · 6