CVE-2023-38399

CVSS 3.1 Score 8.6 of 10 (high)

Details

Published May 17, 2024

CWE ID 22

Summary

CVE-2023-38399 is a newly disclosed path traversal vulnerability that affects the Averta Phlox Portfolio, specifically versions from n/a to 2.3.1. An attacker can exploit this issue by improperly limiting file paths, leading to Local File Inclusion of PHP files. This weakness could potentially allow unauthorized access or data manipulation, posing a significant risk to users running the affected software. It is crucial that organizations using Averta Phlox Portfolio update to a patched version as soon as possible to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sBkubk
https://www.cve.org/CVERecord?id=CVE-2023-38399
https://nvd.nist.gov/vuln/detail/CVE-2023-38399

Back to Vulnerability Database

CVE-2023-38399

CVSS 3.1 Score 8.6 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations