CVE-2023-6483 CRITICAL

CVE-2023-6483: Improper Authentication Vulnerability in ADiTaaS

Vendor Aditaas
Product Allied Digital Integrated Tool-as-a-Service
Weakness CWE-287 · Improper authentication
Published December 18, 2023
Last update May 7, 2025

CVSS base score

9.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

The vulnerability exists in ADiTaaS (Allied Digital Integrated Tool-as-a-Service) version 5.1 due to an improper authentication vulnerability in the ADiTaaS backend API. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable platform. Successful exploitation of this vulnerability could allow the attacker to gain full access to the customers’ data and completely compromise the targeted platform.

Key dates

02Disclosure timeline

December 18, 2023 CVE published
May 7, 2025 Record updated