Vulnerability Description
An indirect Object Reference (IDOR) in the Order and Invoice pages in Floorsight Customer Portal Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information.
CVSS Score
7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Floorsightsoftware | Customer Portal | <= q3_2023 |
Related Weaknesses (CWE)
References
- https://github.com/Oracle-Security/CVEs/blob/main/FloorsightSoftware/CVE-2023-45Third Party Advisory
- https://github.com/Oracle-Security/CVEs/blob/main/FloorsightSoftware/CVE-2023-45Third Party Advisory
FAQ
What is CVE-2023-45893?
CVE-2023-45893 is a vulnerability with a CVSS score of 7.5 (HIGH). An indirect Object Reference (IDOR) in the Order and Invoice pages in Floorsight Customer Portal Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information.
How severe is CVE-2023-45893?
CVE-2023-45893 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-45893?
Check the references section above for vendor advisories and patch information. Affected products include: Floorsightsoftware Customer Portal.