← Volver a CVEs
CVE-2023-43902
CRITICAL9.8
Descripcion
Incorrect access control in the Forgot Your Password function of EMSigner v2.8.7 allows unauthenticated attackers to access accounts of all registered users, including those with administrator privileges via a crafted password reset token.
Detalles CVE
Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado11/14/2023
Ultima modificacion1/8/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
emsigner:emsigner
Debilidades (CWE)
CWE-276
Referencias
https://secpro.llc/emsigner-cve-2/(cve@mitre.org)
https://secpro.llc/emsigner-cve-2/(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.