CVE-2023-4392
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Summary
CVE-2023-4392 is a newly disclosed vulnerability affecting Control iD Gerencia Web 1.30. This issue lies within the Cookie Handler component, which is currently unidentified in functionality. The manipulation of this vulnerability results in the cleartext storage of sensitive data. The attack can be executed remotely, but the complexity and difficulty of exploitation are relatively high. Unfortunately, the exploit has been made public, increasing the risk of potential attacks. Vendor response has been lacking since early notification of this disclosure. (VDB-237380)
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Vendors
- ASSA ABLOY AB