CVE-2023-50811
Severity: MEDIUM
SELESTA Visual Access Manager 4.38.6 - Unauthenticated Access Control Bypass via Parameter Manipulation
Title source: llmDescription
An issue discovered in SELESTA Visual Access Manager 4.38.6 allows attackers to modify the “computer” POST parameter, which carries the ID of a specific reception, by intercepting the POST HTTP request. By iterating over that parameter it has been possible to access the application and take control of many other receptions in addition to the assigned one.
References (1)
Third Party Advisory: https://www.gruppotim.it/it/footer/red-team.html
Scores
CVSS v3: 6.5
EPSS: 0.0045
EPSS Percentile: 35.7%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-444, CWE-863
Status: published
Products (1): seling/visual_access_manager 4.38.6
Published: Mar 19, 2024
Tracked Since: Feb 18, 2026