CVE-2023-2904
CVE-2023-2904

7.3HIGH

Key Information:

Vendor: HID Global
Status: SAFE
Vendor: CVE Published:; 7 June 2023

What is CVE-2023-2904?

The External Visitor Manager portal in HID's SAFE (versions 5.8.0 to 5.11.3) contains a vulnerability that allows an attacker to manipulate user IDs through the application programming interface (API). By gaining access using internal user credentials, attackers can alter visitor identifiers to retrieve sensitive personal information of other users. Furthermore, due to the lack of request rate limits on the HID SAFE Web Server, this vulnerability can also be exploited to mount denial-of-service attacks, potentially disrupting service availability.

Affected Version(s)

SAFE 5.8.0 <= 5.11.3

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-1...

government-resource

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 7, 2023
Vulnerability Reserved
May 25, 2023

JSON

HID Global

What is CVE-2023-2904?

Affected Version(s)

References

CVSS V3.1

Timeline