CVE-2023-49233
HIGHVisual Planning Admin Center <8 - Privilege Escalation
Title source: llmDescription
Insufficient access checks in Visual Planning Admin Center 8 before v.1 Build 240207 allow attackers in possession of a non-administrative Visual Planning account to utilize functions normally reserved for administrators. The affected functions allow attackers to obtain different types of configured credentials and potentially elevate their privileges to administrator level.
References (2)
Core 2
Core References
Various Sources
https://www.schutzwerk.com/blog/schutzwerk-sa-2023-005/
Various Sources
https://www.visual-planning.com/en/support-portal/updates
Scores
CVSS v3
8.8
EPSS
0.0038
EPSS Percentile
30.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-522
Status
published
Published
Sep 03, 2024
Tracked Since
Feb 18, 2026