CVE-2023-2703

Published: May 23, 2023Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD (Secondary)

Description

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Finex Media Competition Management System allows Retrieve Embedded Sensitive Data, Collect Data as Provided by Users.This issue affects Competition Management System: before 23.07.

Affected (1)

Products: Finexmedia: Competition Management System

1 product

Competition Management System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Finexmedia Competition Management System	Before 23.07

Related CWEs

Exposure of Private Personal Information to an Unauthorized Actor

The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.

Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References (2)

https://www.usom.gov.tr/bildirim/tr-23-0283

Source: iletisim@usom.gov.tr

Third Party Advisory

https://www.usom.gov.tr/bildirim/tr-23-0283

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.