CVE-2023-49233

Severity: High

Description

Insufficient access checks in Visual Planning Admin Center 8 before v.1 Build 240207 allow attackers in possession of a non-administrative Visual Planning account to utilize functions normally reserved for administrators. The affected functions allow attackers to obtain different types of configured credentials and potentially elevate their privileges to administrator level.

References

https://www.visual-planning.com/en/support-portal/updates

https://www.schutzwerk.com/blog/schutzwerk-sa-2023-005/

Details

Source: Mitre, NVD

Published: 2024-09-03

Updated: 2024-10-24

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High