CVE-2023-45598

Name of the Vulnerable Software and Affected Versions AiLux imx6 bundle versions prior to imx6 1.0.7-2

Description A vulnerability in the "measure" functionality of the web application allows a remote unauthenticated attacker to access confidential measure information. The issue is related to a "Direct Request ('Forced Browsing')" or "Missing Authorization" vulnerability, which enables unauthorized access to sensitive data.

Recommendations For versions prior to imx6 1.0.7-2, update to version imx6 1.0.7-2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "measure" functionality of the web application until a patch is available.