CVE-2023-31293

Name of the Vulnerable Software and Affected Versions Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6

Description An issue was discovered that allows remote attackers to obtain sensitive information and bypass profile restriction via improper access control in the Reader system user's web browser, allowing the journal to be displayed, despite the option being disabled.

Recommendations For Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6, consider disabling the Reader system user's web browser access to the journal as a temporary workaround until a patch is available. Restrict access to the journal to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.