Vulnerabilities > CVE-2023-43901 - Unspecified vulnerability in Emsigner 2.8.7

CVSS 5.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

high complexity

emsigner

NVD

Published: 2023-11-14

Updated: 2024-09-03

Summary

Incorrect access control in the AdHoc User creation form of EMSigner v2.8.7 allows unauthenticated attackers to arbitrarily modify usernames and privileges by using the email address of a registered user.

Vulnerable Configurations

Part	Description	Count
Application	Emsigner Emsigner Emsigner 2.8.7	1

References

https://secpro.llc/EMSigner-CVE-1/