Vulnerabilities > CVE-2023-33368 - Exposure of Resource to Wrong Sphere vulnerability in Assaabloy Control ID Idsecure 4.7.26.0

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
assaabloy
CWE-668

Summary

Some API routes exists in Control ID IDSecure 4.7.26.0 and prior, exfiltrating sensitive information and passwords to users accessing these API routes.

Vulnerable Configurations

Part Description Count
Application
Assaabloy
1

Common Weakness Enumeration (CWE)