CVE-2023-41089 HIGH

CVE-2023-41089: Improper Authentication in DEXMA DEXGate

Vendor: Dexma
Product: DexGate
Weakness: CWE-287 · Improper authentication
Published: October 19, 2023
Last update: September 12, 2024

CVSS base score

8.0/10
Attack vector: Adjacent
Attack complexity: Low
Privileges required: None
User interaction: Required
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

The affected product is vulnerable to an improper authentication vulnerability, which may allow an attacker to impersonate a legitimate user as long as the device keeps the session active, since the attack takes advantage of the cookie header to generate "legitimate" requests.

Key dates

02 Disclosure timeline

October 19, 2023: CVE published
September 12, 2024: Record updated