CVE-2023-42032

Published: May 3, 2024Modified: Aug 8, 2025

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: zdi-disclosures@trendmicro.com (Secondary)

Description

Visualware MyConnection Server doRTAAccessUPass Exposed Dangerous Method Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Visualware MyConnection Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the doRTAAccessUPass method. The issue results from an exposed dangerous method. An attacker can leverage this vulnerability to disclose information in the context of the application. Was ZDI-CAN-21611.

Affected (1)

Products: Visualware: Myconnection Server

1 product

Myconnection Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Visualware Myconnection Server	Version 11.3c

Related CWEs

Exposed Dangerous Method or Function

The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.

References (4)

https://myconnectionserver.visualware.com/support/security-advisories

Source: zdi-disclosures@trendmicro.com

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-23-1398/

Source: zdi-disclosures@trendmicro.com

Third Party Advisory

https://myconnectionserver.visualware.com/support/security-advisories

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-23-1398/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.