CVE-2023-36100

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Sep 1, 2023

Updated: Sep 7, 2023

Summary

CVE-2023-36100 is a newly disclosed vulnerability affecting IceCMS version 2.0.1. The issue permits attackers to exploit the UserID parameter in the api/User/ChangeUser endpoint, leading to privilege escalation and data theft. Successful exploitation grants attackers unauthorized access to sensitive information. This vulnerability poses a significant risk to organizations using IceCMS and should be addressed promptly by applying the available patch.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sh6cla
https://www.cve.org/CVERecord?id=CVE-2023-36100
https://nvd.nist.gov/vuln/detail/CVE-2023-36100

Back to Vulnerability Database

CVE-2023-36100

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations