PT-2023-4069 · Digiexam · Digiexam
Lodi-G · Published 2023-07-08 · Updated 2023-07-20 · CVE-2023-33668
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
DigiExam versions up to 14.0.2
Description
The issue is related to the lack of integrity checks for native modules in DigiExam, allowing remote attackers to access personally identifiable information (PII) and take over accounts on shared computers.
Recommendations
For versions up to 14.0.2, update to a version that includes integrity checks for native modules to prevent exploitation.
As a temporary workaround, consider restricting access to shared computers to minimize the risk of account takeover.
Affected Products
Digiexam