CVE Alert: CVE-2023-27195

Vulnerability Summary: CVE-2023-27195

Trimble TM4Web 22.2.0 allows unauthenticated attackers to access /inc/tm_ajax.msw?func=UserfromUUID&uuid= to retrieve the last registration access code and use this access code to register a valid account via a PUT /inc/tm_ajax.msw request. If the access code was used to create an Administrator account, attackers are also able to register new Administrator accounts with full privileges.

Affected Endpoints:

  • PUT /inc/tm_ajax

Published Date:

11/8/2024, 5:15:05 AM

💀 CVSS Score:

CVSS v3 Score: 9.8 (Critical)

Exploit Status:

Not Exploited

EPS Score: 0.00043 | Ranking EPS: 0.10008

Recommended Action:

No proposed action available. Please refer to vendor documentation for updates.

