How severe is CVE-2023-47127?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.4 out of 10.

What type of vulnerability is CVE-2023-47127?

This is classified as CWE-302, which is a common weakness in software security.

CVE-2023-47127

MEDIUM Year: 2023

CVSS v3 Score

5.4

Medium

Weakness Type

CWE-302

View all →

Vulnerability Description

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In typo3 installations there are always at least two different sites. Eg. first.example.org and second.example.com. In affected versions a session cookie generated for the first site can be reused on the second site without requiring additional authentication. This vulnerability has been addressed in versions 8.7.55, 9.5.44, 10.4.41, 11.5.33, and 12.4.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE-2021-1561

MEDIUM

CVSS:5.4(Medium)

A vulnerability in the spam quarantine feature of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance (SMA), could allow an authenticated, remote attacker to gain unauthor...

CWE-3022021

CVE-2024-3462

MEDIUM

CVSS:5.4(Medium)

Ant Media Server Community Edition in a default configuration is vulnerable to an improper HTTP header based authorization, leading to a possible use of non-administrative API calls reserved only for ...

CWE-3022024

CVE-2022-40703

MEDIUM

CVSS:6.1(Medium)

CWE-302 Authentication Bypass by Assumed-Immutable Data in AliveCor Kardia App version 5.17.1-754993421 and prior on Android allows an unauthenticated attacker with physical access to the Android devi...

CWE-3022022

CVE-2024-47086

HIGH

CVSS:6.5(Medium)

This vulnerability exists in Apex Softcell LD DP Back Office due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vu...

CWE-3022024

CVE-2024-8475

MEDIUM

CVSS:6.5(Medium)

Authentication Bypass by Assumed-Immutable Data vulnerability in Digital Operation Services WiFiBurada allows Manipulating User-Controlled Variables.This issue affects WiFiBurada: before 1.0.5.

CWE-3022024

CVE-2021-1399

MEDIUM

CVSS:4.3(Medium)

A vulnerability in the Self Care Portal of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authent...

CWE-3022021

CVE-2023-47127

Vulnerability Description

Related Vulnerabilities

CVE-2021-1561

CVE-2024-3462

CVE-2022-40703

CVE-2024-47086

CVE-2024-8475

CVE-2021-1399