Unauthorized Access Vulnerability in Tencent Enterprise Wechat Privatization
CVE-2023-40829

7.5HIGH

Key Information:

Vendor: Tencent
Status: Enterprise Wechat Privatization
Vendor: CVE Published:; 12 October 2023

What is CVE-2023-40829?

An unauthorized access vulnerability exists in the Tencent Enterprise Wechat Privatization versions 2.5.x and 2.6.930000, potentially allowing attackers to gain access to restricted areas of the application’s interface without appropriate credentials. This could expose sensitive information and undermine the security framework of the product, making it critical for users to apply relevant updates and mitigate exposure.

References

https://gist.github.com/wwwziziyu/85bdf8d56b415974c4827a5...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 12, 2023
Vulnerability Reserved
Aug 22, 2023

JSON