CVE-2023-32725

HIGH Year: 2023
CVSS v3 Score
8.8
High
Weakness Type
CWE-565
View all →

Vulnerability Description

The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. The received session cookie can then be used to access the frontend as the particular user.

Related Vulnerabilities

CVE-2012-5631

HIGH
CVSS:8.8(High)

ipa 3.0 does not properly check server identity before sending credential containing cookies

CWE-5652012

CVE-2017-6896

HIGH
CVSS:8.8(High)

Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 wireless router enables an attacker to escalate from user privilege to admin privilege just by modifying the Base64-encoded session ...

CWE-5652017

CVE-2021-33842

HIGH
CVSS:8.8(High)

Improper Authentication vulnerability in the cookie parameter of Circutor SGE-PLC1000 firmware version 0.9.2b allows an attacker to perform operations as an authenticated user. In order to exploit thi...

CWE-5652021

CVE-2022-30620

HIGH
CVSS:8.8(High)

On Cellinx Camera with guest enabled, attacker with web access can elevate privileges to administrative: "1" to "0" privileges by changing the following cookie values from "is_admin", "showConfig". Ad...

CWE-5652022

CVE-2024-22186

HIGH
CVSS:8.8(High)

The application suffers from a privilege escalation vulnerability. An attacker logged in as guest can escalate his privileges by poisoning the cookie to become administrator.

CWE-5652024

CVE-2024-9970

HIGH
CVSS:8.8(High)

The FlowMaster BPM Plus system from NewType has a privilege escalation vulnerability. Remote attackers with regular privileges can elevate their privileges to administrator by tampering with a specifi...

CWE-5652024