CVE-2023-4472

Summary

Objectplanet Opinio version 7.22 and prior uses a cryptographically weak pseudo-random number generator (PRNG) coupled to a predictable seed, which could lead to an unauthenticated account takeover of any user on the application.

Affected Software

VendorProductVersion RangeStatus
ObjectplanetOpinio7.22affected
ObjectplanetOpinio7.23unaffected

Weaknesses

  • CWE-335: CWE-335 Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References