CVE-2023-2904
CVE-2023-2904

7.3HIGH

Key Information:

Vendor: HID Global
Status: SAFE
Vendor: CVE Published:; 7 June 2023

What is CVE-2023-2904?

The External Visitor Manager portal in HID's SAFE (versions 5.8.0 to 5.11.3) contains a vulnerability that allows an attacker to manipulate user IDs through the application programming interface (API). By gaining access using internal user credentials, attackers can alter visitor identifiers to retrieve sensitive personal information of other users. Furthermore, due to the lack of request rate limits on the HID SAFE Web Server, this vulnerability can also be exploited to mount denial-of-service attacks, potentially disrupting service availability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SAFE 5.8.0 <= 5.11.3

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-1...

government-resource

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 7, 2023
Vulnerability Reserved
May 25, 2023

JSON

HID Global