CVE-2023-26573 Vulnerability Details 
                
					
						
						   
					    /   
					
					
						
						   
					    /   
					
					
						
						   
					    /   
					
					
						
						   
					 
					
					
CVE-2023-26573 Metadata Quick Info 
					CVE Published: 25/10/2023  | 
					
CVE Updated: 15/10/2024  | 
					
CVE Year: 2023  
					
					Source:  TML  | 
					
Vendor:  IDAttend Pty Ltd  | 
					
Product: IDWeb  
					
					
					Status : PUBLISHED  
					
 
					CVE-2023-26573 Description 
					 
					Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier allows denial of service or theft of database login credentials.					
					
					
Metrics 
					CVSS Version: 3.1  | 
					
Base Score: 8.2 HIGH 
					Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H  
					
					l➤ Exploitability Metrics:      Attack Vector (AV)* NETWORK       Attack Complexity (AC)* LOW       Privileges Required (PR)* NONE       User Interaction (UI)* NONE       Scope (S)* UNCHANGED  l➤ Impact Metrics:      Confidentiality Impact (C)* LOW       Integrity Impact (I)* NONE       Availability Impact (A)* HIGH  Weakness Enumeration (CWE) 
					CWE-ID: CWE-306  CWE Name: CWE-306 Missing Authentication for Critical Function  Source: IDAttend Pty Ltd  Common Attack Pattern Enumeration and Classification (CAPEC) 
					CAPEC-ID: CAPEC-115  CAPEC Description: CAPEC-115 Authentication Bypass  
						Source: NVD (National Vulnerability Database).