PT-2024-13976 · Selesta · Selesta Visual Access Manager
Andrea Carlo Maria Dattola (+4)
Published: 2024-03-19 · Updated: 2024-10-28
CVE-2023-50811
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
SELESTA Visual Access Manager version 4.38.6
Description
An issue in SELESTA Visual Access Manager allows attackers to modify the "computer" POST parameter, which carries the ID of a specific reception, by intercepting the HTTP POST request. This can lead to unauthorized access to the application and control of many other receptions beyond the one assigned to the user. The issue can be exploited via the local network only.

Recommendations
For SELESTA Visual Access Manager version 4.38.6, restrict local network access and monitor logs until a patch is available. As a temporary workaround, consider restricting access to the "computer" POST parameter to minimize the risk of exploitation.

Fix
Incorrect Authorization
HTTP Request/Response Smuggling
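The weakness described above is a missing server-side ownership check: the application acts on the reception ID supplied in the "computer" parameter without verifying that it belongs to the authenticated user. The following is an added illustration of the check that closes that gap, together with a log scan a defender can run while waiting for a patch. It is not Selesta's code and nothing here reflects the product's internal design: the parameter name "computer" comes from the advisory, while the session model, the request shape, the log format and all sample values are constructed assumptions.

```python
"""Server-side authorization for a reception ID carried in a POST parameter.

Added example for advisory PT-2024-13976; not Selesta code. The only detail
taken from the advisory is the parameter name "computer". Everything else
(Session, log format, sample data) is a constructed assumption.
"""
import re
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Session:
    """Server-side view of a logged-in operator (constructed model)."""
    user: str
    assigned_receptions: frozenset  # reception IDs this operator may control


@dataclass
class Decision:
    allowed: bool
    reason: str
    audit: dict = field(default_factory=dict)  # fields worth logging


def vulnerable_reception_id(form):
    """The weak pattern: trust whatever the client put in 'computer'."""
    return int(form["computer"])


def authorize_reception_action(session, form):
    """The hardened pattern: the client may name a reception, but the
    server decides whether this session is allowed to act on it.

    Every denial carries enough context to feed a monitoring rule.
    """
    raw = form.get("computer")
    if raw is None or not str(raw).isdigit():
        return Decision(False, "missing or malformed computer parameter",
                        {"user": session.user, "computer": raw})
    reception_id = int(raw)
    if reception_id not in session.assigned_receptions:
        return Decision(False, "reception not assigned to this operator",
                        {"user": session.user, "computer": reception_id,
                         "assigned": sorted(session.assigned_receptions)})
    return Decision(True, "ok", {"user": session.user, "computer": reception_id})


# Constructed access-log format: one POST per line, fields as key=value.
LOG_LINE = re.compile(r"user=(?P<user>\S+) .*?computer=(?P<computer>\S+)")


def scan_log(lines, sessions):
    """Replay logged POSTs through the same check and return the denials.

    `sessions` maps user -> Session, i.e. the assignments the server knows.
    Useful as the interim 'monitor logs' step while no patch is available.
    """
    flagged = []
    for line in lines:
        m = LOG_LINE.search(line)
        if not m:
            continue  # not a reception action, or unparseable; ignore
        session = sessions.get(m.group("user"))
        if session is None:
            flagged.append((line, "unknown user"))
            continue
        decision = authorize_reception_action(session, {"computer": m.group("computer")})
        if not decision.allowed:
            flagged.append((line, decision.reason))
    return flagged


# Constructed sample data: operator op1 is bound to reception 12 only.
SESSIONS = {"op1": Session("op1", frozenset({12}))}
SAMPLE_LOG = [
    "2024-03-19T10:00:01Z user=op1 POST /reception/action computer=12 status=200",
    "2024-03-19T10:00:07Z user=op1 POST /reception/action computer=27 status=200",
    "2024-03-19T10:00:09Z user=op1 POST /reception/action computer=abc status=500",
    "2024-03-19T10:00:12Z user=ghost POST /reception/action computer=12 status=200",
]

if __name__ == "__main__":
    for line, reason in scan_log(SAMPLE_LOG, SESSIONS):
        print(f"FLAG ({reason}): {line}")
```

The second sample line is the pattern the advisory describes: a legitimate operator whose request names a reception other than the one assigned. With the vulnerable lookup it succeeds; with the hardened check it is denied and recorded. The log scan flags three of the four constructed lines (the cross-reception ID, the malformed ID, and the unknown user) and accepts only the in-scope request.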
Related Identifiers
Affected Products
Selesta Visual Access Manager