CVE-2023-37526

MEDIUM Year: 2023
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-942
View all →

Vulnerability Description

HCL DRYiCE Lucy (now AEX) is affected by a Cross Origin Resource Sharing (CORS) vulnerability. The mobile app is vulnerable to a CORS misconfiguration which could potentially allow unauthorized access to the application resources from any web domain and enable cache poisoning attacks.

Related Vulnerabilities

CVE-2022-34366

MEDIUM
CVSS:6.5(Medium)

Dell SupportAssist for Home PCs (version 3.11.2 and prior) contain Overly Permissive Cross-domain Whitelist vulnerability. An authenticated non-admin user could potentially exploit the issue and obtai...

CWE-9422022

CVE-2023-45213

MEDIUM
CVSS:6.5(Medium)

A potential attacker with access to the Westermo Lynx device would be able to execute malicious code that could affect the correct functioning of the device.

CWE-9422023

CVE-2024-6449

MEDIUM
CVSS:6.5(Medium)

HyperView Geoportal Toolkit in versions lower than 8.5.0 does not restrict cross-domain requests when fetching remote content pointed by one of GET request parameters. An unauthenticated remote attack...

CWE-9422024

CVE-2023-23128

MEDIUM
CVSS:6.1(Medium)

Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Resource Sharing (CORS). The vendor's position is that two endpoints have Access-Control-Allow-Origin wildcarding to support product f...

CWE-9422023

CVE-2023-38122

HIGH
CVSS:7.2(High)

Inductive Automation Ignition OPC UA Quick Client Permissive Cross-domain Policy Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected i...

CWE-9422023

CVE-2019-14860

HIGH
CVSS:7.4(High)

It was found that the Syndesis configuration for Cross-Origin Resource Sharing was set to allow all origins. An attacker could use this lack of protection to conduct phishing attacks and further acces...

CWE-9422019