Abstract Advisory Information
The consultation permission allows the users to view, add, modify, and delete data instead of just viewing it.
Author: Alexis Pain
Versions: 3.14.2022.235 b
Common Vulnerability Scoring System
Vulnerability Disclosure Timeline
- 01/12/2022: Vulnerability discovery
- 09/01/2023: Vulnerability Report to CERT-XLM
- 20/01/2023: Vulnerability Report to Vendor through email
- 17/02/2023: Vendor contacted again for an update
- 20/02/2023: CVE number assigned: CVE-2023-26099
- 24/02/2023: CVE ID communicated to vendor and asked for an update regarding the patch.
- 03/03/2023: Update asked to vendor
- 23/03/2023: Update received from vendor, use fix APSAL 2023.0237
- 24/04/2023: Expected Vulnerability disclosure