Incorrect Access Control in Silverpeas Core by Silverpeas
CVE-2023-47321

4.9MEDIUM

Key Information:

Vendor: Silverpeas
Status: Silverpeas
Vendor: CVE Published:; 13 December 2023

What is CVE-2023-47321?

Silverpeas Core version 6.3.1 is susceptible to an Incorrect Access Control vulnerability within the 'Portlet Deployer'. This flaw enables administrators to inadvertently deploy .WAR portlets without appropriate authorization, potentially compromising the security posture of the application. It is critical for users to evaluate their systems and apply recommended security measures to mitigate the risks associated with this vulnerability.

References

http://silverpeas.com

https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE...

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 13, 2023
Vulnerability Reserved
Nov 6, 2023