Access Control Weakness in Silverpeas Core Messaging Feature
CVE-2023-47323

7.5HIGH

Key Information:

Vendor: Silverpeas
Status: Silverpeas
Vendor: CVE Published:; 13 December 2023

What is CVE-2023-47323?

The messaging feature of Silverpeas Core version 6.3.1 lacks proper access control mechanisms on the ID parameter. This flaw allows attackers to intercept and read messages, including those meant solely for administrators, potentially exposing sensitive communications between users. Organizations using this version are encouraged to review their messaging configurations and implement necessary security measures to mitigate the risk of unauthorized information access.

References

http://silverpeas.com

https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 13, 2023
Vulnerability Reserved
Nov 6, 2023