PT-2023-27638 · Unknown · Springblade
Cyvk · Published 2023-09-18 · Updated 2023-09-19 · CVE-2023-40788
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
SpringBlade versions <=V3.6.0
Description
Incorrect access control caused by an incorrect configuration in the default gateway allows unauthorized access to error logs.
Recommendations
For SpringBlade versions <=V3.6.0, update to a version later than V3.6.0 to resolve the issue. As a temporary workaround, consider restricting access to the default gateway to minimize the risk of exploitation.
Exploit
Fix
Exposure of Resource to Wrong Sphere
Weakness Enumeration
Related Identifiers
Affected Products
Springblade