CVE-2023-48375

HIGH

SmartStar Software CWS - Authenticated Privilege Escalation via Missing Authorization

Title source: llm
STIX 2.1

Description

SmartStar Software CWS is a web-based integration platform, it has a vulnerability of missing authorization and users are able to access data or perform actions that they should not be allowed to perform via commands. An authenticated with normal user privilege can execute administrator privilege, resulting in performing arbitrary system operations or disrupting service.

References (1)

Core 1
Core References

Scores

CVSS v3 8.8
EPSS 0.0069
EPSS Percentile 48.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-862
Status published
Products (1)
csharp/cws_collaborative_development_platform 10.25
Published Dec 15, 2023
Tracked Since Feb 18, 2026