PT-2023-32512 · Unknown · Ics Business Manager
Andrés Elizalde Galdeano +1 · Published 2023-11-13 · Updated 2023-11-17 · CVE-2023-6098
CVSS v3.1: 6.3 Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
ICS Business Manager version 7.06.0028.7066
Description
A security issue has been identified, allowing a remote attacker to send a specially crafted string, exploiting the obdd act parameter. This could enable the attacker to steal an authenticated user's session and perform actions within the application.
Recommendations
For ICS Business Manager version 7.06.0028.7066, consider restricting access to the obdd act parameter until a patch is available. As a temporary workaround, avoid using the obdd act parameter in sensitive operations to minimize the risk of exploitation.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Ics Business Manager