CVE-2023-4198

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Nov 1, 2023
Updated: Nov 8, 2023
CWE ID 119

Summary

CVE-2023-4198 is a newly discovered access control vulnerability in Dolibarr ERP CRM versions up to 17.0.3. It allows an authenticated but unauthorized user to gain unintended access to a customer database table, potentially exposing sensitive data. The vulnerability arises because the application fails to enforce proper access control, which puts customer information at risk. Dolibarr users are advised to upgrade to a patched version as soon as possible to mitigate this threat.
