PT-2023-7563 · Boltwire · Boltwire
David Silva · Published 2023-10-31 · Updated 2024-09-05 · CVE-2023-46501
CVSS v2.0: 9.4 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions
BoltWire version 6.03
Description
An issue in BoltWire allows a remote attacker to obtain sensitive information by sending a crafted payload to the view and change admin password function. It stems from insufficient protection of service data, which a remote attacker can exploit to gain access to confidential data.
Recommendations
If you run BoltWire version 6.03, update the BoltWire CMS to a newer version to resolve the issue. As a temporary workaround, consider restricting access to the admin password change function until the update is applied.
Exploit
Fix
Improper Access Control
Information Disclosure
Incorrect Privilege Assignment
Related Identifiers
Affected Products
Boltwire