CVE-2023-26099

CVE-2023-26099

by mrahier96

Abstract Advisory Information

The consultation permission allows the users to view, add, modify, and delete data instead of just viewing it.

Author: Alexis Pain

Version affected

Name: APSAL

Versions: 3.14.2022.235 b

Common Vulnerability Scoring System

4.4

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Patch

APSAL 2023.0237

References

Vulnerability Disclosure Timeline

    • 01/12/2022: Vulnerability discovery
    • 09/01/2023: Vulnerability Report to CERT-XLM
    • 20/01/2023: Vulnerability Report to Vendor through email
    • 17/02/2023: Vendor contacted again for an update
    • 20/02/2023: CVE number assigned: CVE-2023-26099
    • 24/02/2023: CVE ID communicated to vendor and asked for an update regarding the patch.
    • 03/03/2023: Update asked to vendor
    • 23/03/2023: Update received from vendor, use fix APSAL 2023.0237
    • 24/04/2023: Expected Vulnerability disclosure
Top