CVE-2023-27258

Summary

Missing authentication in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student and teacher data by unauthenticated attackers.

Affected Software

VendorProductVersion RangeStatus
IDAttend Pty LtdIDWeb0 <= 3.1.052affected

Weaknesses

  • CWE-306: CWE-306 Missing Authentication for Critical Function

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References