CVE-2023-5830
HIGH EXPLOITED NUCLEIColumbiaSoft Document Locator < 7.2 - Improper Authentication via WebTools Login Server Parameter
Title source: llmExploitation Summary
CVE-2023-5830 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
A vulnerability classified as critical has been found in ColumbiaSoft Document Locator. This affects an unknown part of the file /api/authentication/login of the component WebTools. The manipulation of the argument Server leads to improper authentication. It is possible to initiate the attack remotely. Upgrading to version 7.2 SP4 and 2021.1 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-243729 was assigned to this vulnerability.
Nuclei Templates (1)
ColumbiaSoft DocumentLocator - Improper Authentication
CRITICALby Gonski
Shodan:
title:"Document Locator - WebTools" || http.title:"document locator - webtools"
FOFA:
title="document locator - webtools"
References (2)
Core 2
Core References
Third Party Advisory vdb-entry
technical-description
https://vuldb.com/?id.243729
Permissions Required signature
permissions-required
https://vuldb.com/?ctiid.243729
Scores
CVSS v3
7.3
EPSS
0.6104
EPSS Percentile
99.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
VulnCheck KEV
2024-04-11
CWE
CWE-287
Status
published
Products (3)
documentlocator/document_locator
7.2 (2 CPE variants)
documentlocator/document_locator
21
documentlocator/document_locator
< 7.2
Published
Oct 27, 2023
Tracked Since
Feb 18, 2026