PT-2024-13616 · Archibus · Archibus

Elliot Rasch · Published 2024-03-05 · Updated 2025-05-23 · CVE-2023-48644

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Archibus app version 4.0.3 for iOS

Description

An issue was discovered in the create work request feature of the maintenance module, via the description field. This allows an attacker to perform an action on behalf of the user, exfiltrate data, and so on.

Recommendations

For Archibus app version 4.0.3, consider disabling the create work request feature in the maintenance module until a patch is available. Restrict access to the description field to minimize the risk of exploitation.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2023-48644

Affected Products

Archibus