CVE Alert: CVE-2023-27195
Vulnerability Summary: CVE-2023-27195
Trimble TM4Web 22.2.0 allows unauthenticated attackers to access /inc/tm_ajax.msw?func=UserfromUUID&uuid= to retrieve the last registration access code and use this access code to register a valid account via a PUT /inc/tm_ajax.msw request. If the access code was used to create an Administrator account, attackers are also able to register new Administrator accounts with full privileges.
Affected Endpoints:
- PUT /inc/tm_ajax
Published Date:
11/8/2024, 5:15:05 AM
💀 CVSS Score:
Exploit Status:
Not Exploited
EPS Score: 0.00043 | Ranking EPS: 0.10008
References:
Recommended Action:
No proposed action available. Please refer to vendor documentation for updates.