CVE-2023-4177

Severity CVSS v4.0:

Pending analysis

Type:

CWE-345 Insufficient Verification of Data Authenticity

Publication date:

06/08/2023

Last modified:

17/05/2024

Description

A vulnerability was found in EmpowerID up to 7.205.0.0. It has been rated as problematic. This issue affects some unknown processing of the component Multi-Factor Authentication Code Handler. The manipulation leads to information disclosure. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 7.205.0.1 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-236213 was assigned to this vulnerability.

Impact

Vector 3.x

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS v3.1 Severity and Metrics:

Base Score: 5.70 MEDIUM
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector (AV): Adjacent
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): None
Availability (A): None

Base Score 3.x

5.70

Severity 3.x

MEDIUM

Vector 2.0

AV:A/AC:H/Au:S/C:P/I:N/A:N CVSS v2.0 Severity and Metrics:

Base Score: 1.40 LOW
Vector: AV:A/AC:H/Au:S/C:P/I:N/A:N

Attack Vector (AV): Adjacent
Attack Complexity (AC): High
Authentication (Au): Single
Confidentiality (C): Physical
Integrity (I): None
Availability (A): None