CVE-2023-27195

Published Nov 8, 2024

Last updated 9 days ago

CVSS critical 9.8

Overview

Description
Trimble TM4Web 22.2.0 allows unauthenticated attackers to access /inc/tm_ajax.msw?func=UserfromUUID&uuid= to retrieve the last registration access code and use this access code to register a valid account. via a PUT /inc/tm_ajax.msw request. If the access code was used to create an Administrator account, attackers are also able to register new Administrator accounts with full privileges.
Source
cve@mitre.org
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-276

Social media

Hype score
Not currently trending

  1. CVE-2023-27195 (CVSS:9.8, CRITICAL) is Awaiting Analysis. Trimble TM4Web 22.2.0 allows unauthenticated attackers to access /inc/tm_ajax.msw?func=UserfromUUID&uuid= to retrieve th..https://t.co/3B3ZYC2ygs #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    13 Nov 2024

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2023-27195 (Published: 2024-11-08) affects Trimble TM4Web. This vulnerability impacts specific versions, allowing potential exploitation. Users are urged to update to the latest version to mitigate risks. For more details and remediation steps, visit: https://t.co/vuFXbCSorO…

    @transilienceai

    11 Nov 2024

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 CVE-2023-27195 (Published: 2024-11-08) - High severity vulnerability in Trimble TM4Web. Affects specific versions; ensure your systems are updated to mitigate risks. For remediation details, visit: https://t.co/vuFXbCSorO. Stay secure! #CyberSecurity #VulnerabilityAlert

    @transilienceai

    11 Nov 2024

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2023-27195 Trimble TM4Web 22.2.0 allows unauthenticated attackers to access /inc/tm_ajax.msw?func=UserfromUUID&uuid= to retrieve the last registration access code and use this a… https://t.co/K5nRmwY5SO

    @CVEnew

    8 Nov 2024

    385 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References