CVE-2023-50811
MEDIUM
Seling Visual Access Manager - HTTP Request Smuggling
Title source: ruleDescription
An issue discovered in SELESTA Visual Access Manager 4.38.6 allows attackers to modify the “computer” POST parameter, which relates to the ID of a specific reception, by intercepting the HTTP POST request. By iterating that parameter, it was possible to access the application and take control of many other receptions in addition to the assigned one.
Scores
CVSS v3: 6.5
EPSS: 0.0005
EPSS Percentile: 15.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-444, CWE-863
Status: published
Products (1): seling/visual_access_manager 4.38.6
Published: Mar 19, 2024
Tracked Since: Feb 18, 2026