CVE-2023-27261

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Oct 25, 2023
Updated: Oct 28, 2023
CWE ID 287
CWE ID 306

Summary

CVE-2023-27261 is a vulnerability affecting IDAttend's IDWeb application versions 3.1.052 and earlier. This issue involves a missing authentication mechanism in the DeleteAssignments method. Consequently, unauthenticated attackers can delete data by exploiting this weakness. The potential impact includes loss of important information, leading to data breaches and potential system disruptions. Organizations running the affected software are strongly advised to apply the available patch or update as soon as possible to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share