CVE-2023-48375
HIGHSmartStar Software CWS - Authenticated Privilege Escalation via Missing Authorization
Title source: llmDescription
SmartStar Software CWS is a web-based integration platform, it has a vulnerability of missing authorization and users are able to access data or perform actions that they should not be allowed to perform via commands. An authenticated with normal user privilege can execute administrator privilege, resulting in performing arbitrary system operations or disrupting service.
References (1)
Core 1
Core References
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-7594-dac20-1.html
Scores
CVSS v3
8.8
EPSS
0.0069
EPSS Percentile
48.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-862
Status
published
Products (1)
csharp/cws_collaborative_development_platform
10.25
Published
Dec 15, 2023
Tracked Since
Feb 18, 2026