PT-2024-13700 · Stilog · Stilog Visual Planning
Lennert Preuth · Published 2024-03-29 · Updated 2024-10-28 · CVE-2023-49231
CVSS v3.1
9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Stilog Visual Planning version 8
Description
An authentication bypass issue was found, allowing an unauthenticated attacker to obtain an administrative API token.
Recommendations
For Stilog Visual Planning version 8, consider restricting access to administrative API endpoints until a patch is available. As a temporary workaround, limit the use of administrative API tokens to minimize the risk of exploitation.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Stilog Visual Planning