PT-2023-29037 · Emsigner · Emsigner

Jean Paul Granados

Published

2023-11-13

Updated

2023-11-17

CVE-2023-43900

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions EMSigner version 2.8.7

Description The issue allows attackers to gain unauthorized access to application content and view sensitive data of other users via manipulation of the documentID and EncryptedDocumentId parameters. This is due to Insecure Direct Object References (IDOR) in the application.

Recommendations For EMSigner version 2.8.7, consider restricting access to the documentID and EncryptedDocumentId parameters to minimize the risk of exploitation. As a temporary workaround, avoid using these parameters in sensitive operations until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

IDOR

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-639

Related Identifiers

CVE-2023-43900

Affected Products

Emsigner

PT-2023-29037 · Emsigner · Emsigner

CVE-2023-43900

Weakness Enumeration

Related Identifiers

Affected Products

References · 5