Vulnerabilities > CVE-2023-31435 - Incorrect Authorization vulnerability in Evasys 8.2/9.0

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

evasys

CWE-863

NVD

Published: 2023-05-02

Updated: 2023-05-10

Summary

Multiple components (such as Onlinetemplate-Verwaltung, Liste aller Teilbereiche, Umfragen anzeigen, and questionnaire previews) in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 allow authenticated attackers to read and write to unauthorized data by accessing functions directly.

Vulnerable Configurations

Part	Description	Count
Application	Evasys Evasys Evasys 9.0 Evasys Evasys 8.2	2

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://cves.at/posts/cve-2023-31435/writeup/