CVE-2023-6451

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Feb 16, 2024

Updated: Jan 9, 2025

CWE ID 1394

CWE ID 287

Summary

CVE-2023-6451 is a newly disclosed vulnerability affecting AlayaCare's Procura Portal before version 9.0.1.2. This issue involves a publicly known cryptographic machine key that can be exploited by attackers to forge their own authentication cookies. By doing so, they can bypass the application's authentication mechanisms, gaining unauthorized access to user accounts and potentially sensitive data. This vulnerability poses a serious risk to the security and privacy of Procura Portal users. It is strongly recommended that affected organizations upgrade to the patched version as soon as possible to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Predator Still Active, with New Client and Corporate Links Identified

Russia-Aligned TAG-110 Targets Tajikistan with Macro-Enabled Word Documents

Know What Matters

For Customers

For Partners

CVE-2023-6451

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations