Incorrect Access Control in Silverpeas Core Affects Application Availability
CVE-2023-47320

8.1HIGH

Key Information:

Vendor: Silverpeas
Status: Silverpeas
Vendor: CVE Published:; 13 December 2023

What is CVE-2023-47320?

Silverpeas Core 6.3.1 contains a vulnerability related to incorrect access control, which allows an attacker with low privileges to exploit administrator-only functionalities. Specifically, this flaw enables unauthorized users to put the application into a 'Maintenance Mode,' thereby denying service to all users. This vulnerability poses a risk to the availability of services provided by the Silverpeas Core application, particularly affecting versions 6.3.1 and earlier.

References

http://silverpeas.com

https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 13, 2023
Vulnerability Reserved
Nov 6, 2023