CVSS 3.1 Score 5.4 of 10 (medium)


Published Jan 10, 2024
Updated: Jan 17, 2024
CWE ID 639


CVE-2023-48783 is an Authorization Bypass Through User-Controlled Key vulnerability that affects versions 7.2.1 and below of PortiPortal, along with versions 7.0.6 and below, 6.0.14 and below, and 5.3.8 and below. This vulnerability may allow a remote authenticated user with read-only permissions to access other organization endpoints through crafted GET requests. The vulnerability has a risk score of 25 and a base severity rating of MEDIUM. The potential danger it poses to an organization includes low integrity and confidentiality impact, along with no availability impact. The affected products include qXFuIf, phEc6f, phEc6e, phEc6d, uLE7Hf, kasaj_, phEc6c, qLMEp2, qLMEp3, qLMEp1, jcVAiI, jcVAiE, jcVAiF, jcVAiG, jcVAiH, jcVAiA, jcVAiB, jcVAiC, jcVAiD, jcVAh8, jcVAh9, jcVAh-, jcVAh_, t1jDxk , kasakA , uLE7Hg , uLE7Hh , uLE7Hi , phEc6g , uLE7Hj , uLE7Hk , and uLE7Hl.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-48783 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options