La Sostenibilità per TIM

Il Report 2024 accoglie i principi della Corporate Sustainability Reporting Directive (CSRD) ed è incluso nella Relazione Finanziaria e di Sostenibilità. Approfondisci

Ultimi Comunicati Stampa

Redazione ufficio stampa

Leggi gli ultimi comunicati stampa e naviga nell'archivio dell'Ufficio Stampa del Gruppo TIM. Leggi i comunicati

CVE-2023-50811

CVE-2023-50811 – Selesta Visual Access Manager

Vulnerability Description: Authorization Bypass Through User-Controlled Key – CWE-639

Software Version: 4.38.6

NIST: https://nvd.nist.gov/vuln/detail/CVE-2023-50811

CVSv3: 6.5

Severity: Medium

Credits: Cristina Coppola, Massimiliano Ferraresi, Andrea Carlo Maria Dattola, Stefano Scipioni, Massimiliano Brolli

SELESTA Visual Access Manager 4.38.6 has Incorrect Access Control.

A remote user, authenticated as receptionist role to the web application “Visual Access Manager”, is able to modify the “computer” POST parameter related to the ID of a specific reception by POST HTTP request interception.

Iterating that parameter, it has been possible to access to the application and take control of many other receptions in addition the assigned one.