Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2023-47320 Vulnerability in maven package org.silverpeas.core:silverpeas-core-war

Description

Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. An attacker with low privileges is able to execute the administrator-only function of putting the application in "Maintenance Mode" due to broken access control. This makes the application unavailable to all users. This affects Silverpeas Core 6.3.1 and below.

Remediation

References

http://silverpeas.com

https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2023-47320

Related Vulnerabilities

CVE-2020-26256 Vulnerability in npm package fast-csv

CVE-2020-28496 Vulnerability in npm package three

CVE-2021-33609 Vulnerability in maven package com.vaadin:vaadin-server

CVE-2023-33201 Vulnerability in maven package org.bouncycastle:bcprov-ext-jdk14

CVE-2023-34093 Vulnerability in npm package @strapi/database

Severity

Critical

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Tags

Product Exploit Third Party Advisory NVD-CWE-Other