CVE-2023-33368

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Aug 3, 2023

Updated: Aug 4, 2023

CWE ID 668

Summary

CVE-2023-33368 is a vulnerability affecting Control ID IDSecure versions 4.7.26.0 and older. This issue involves the existence of certain API routes, which unintendedly exfiltrate sensitive information and passwords to users accessing these routes. This vulnerability poses a significant risk, as unauthorized individuals may gain access to confidential data, potentially leading to data breaches and other security incidents. Organizations running affected versions are advised to update to the latest patch to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

ASSA ABLOY AB

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sND4jT
https://www.cve.org/CVERecord?id=CVE-2023-33368
https://nvd.nist.gov/vuln/detail/CVE-2023-33368

Back to Vulnerability Database

CVE-2023-33368

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations