CVE-2023-50872
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
The API in Accredible Credential.net December 6th, 2023 allows an Insecure Direct Object Reference attack that discloses partial information about certificates and their respective holder. NOTE: the excellium-services.com web page about this issue mentions "Vendor says that it's not a security issue."
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
CVE Program Container
Additional References
- https://help.accredible.com/accredible-product-release-notes
- https://excellium-services.com/cert-xlm-advisory/CVE-2023-50872
References
- https://help.accredible.com/accredible-product-release-notes
- https://excellium-services.com/cert-xlm-advisory/CVE-2023-50872
- https://cds.thalesgroup.com/en/tcs-cert/CVE-2023-50872
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.