How severe is CVE-2023-2904?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.3 out of 10.

What type of vulnerability is CVE-2023-2904?

This is classified as CWE-471, which is a common weakness in software security.

CVE-2023-2904 - HIGH Severity | CVSS 7.3

Vulnerability Description

The External Visitor Manager portal of HID’s SAFE versions 5.8.0 through 5.11.3 are vulnerable to manipulation within web fields in the application programmable interface (API). An attacker could log in using account credentials available through a request generated by an internal user and then manipulate the visitor-id within the web API to access the personal data of other users. There is no limit on the number of requests that can be made to the HID SAFE Web Server, so an attacker could also exploit this vulnerability to create a denial-of-service condition.

Related Vulnerabilities

CVE-2020-8116

HIGH

CVSS:7.3(High)

Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as o...

CWE-4712020

CVE-2024-9876

HIGH

CVSS:7.3(High)

: Modification of Assumed-Immutable Data (MAID) vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini.This issue affects ANC: through 1.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4.

CWE-4712024

CVE-2020-8268

HIGH

CVSS:7.5(High)

Prototype pollution vulnerability in json8-merge-patch npm package < 1.0.3 may allow attackers to inject or modify methods and properties of the global object constructor.

CWE-4712020

CVE-2024-55551

HIGH

CVSS:7.5(High)

An issue was discovered in Exasol JDBC driver before 24.2.1 (2024-12-10). Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver...

CWE-4712024

CVE-2018-3721

MEDIUM

CVSS:6.5(Medium)

lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify th...

CWE-4712018

CVE-2021-37177

MEDIUM

CVSS:6.5(Medium)

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The status provided by the syslog clients managed by the affected software can be manipulated by an unaut...

CWE-4712021