CVE-2023-45892

Published: Jan 2, 2024Modified: May 13, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue discovered in the Order and Invoice pages in Floorsight Insights Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information.

Affected (1)

Products: Floorsightsoftware: Insight

Floorsightsoftware

1 product

Insight

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Floorsightsoftware Insight	Up to q3_2023

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (2)

https://github.com/Oracle-Security/CVEs/blob/main/FloorsightSoftware/CVE-2023-45892.md

Source: cve@mitre.org

Third Party Advisory

https://github.com/Oracle-Security/CVEs/blob/main/FloorsightSoftware/CVE-2023-45892.md

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.