PT-2023-31310 · Unknown · Digital Yepas
Published
2023-09-14
·
Updated
2026-05-21
·
CVE-2023-4972
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Digital Yepas version 1.0.0
Description
The issue is related to an Improper Privilege Management vulnerability, allowing the collection of data as provided by users. This can be exploited due to the incorrect use of privileged APIs.
Recommendations
For Digital Yepas version 1.0.0, update to version 1.0.1 to resolve the issue. As a temporary workaround, consider restricting access to privileged APIs until the update is applied.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Digital Yepas