CVE-2023-4997 HIGH

CVE-2023-4997: Improper authorisation in Uptime DC

Vendor Prointegra S.a.
Product UptimeDC
Weakness CWE-863 · Incorrect authorization
Published October 4, 2023
Last update March 3, 2025

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Improper authorisation of regular users in ProIntegra Uptime DC software (versions below 2.0.0.33940) allows them to change passwords of all other users including administrators leading to a privilege escalation.

Key dates

02Disclosure timeline

October 4, 2023 CVE published
March 3, 2025 Record updated