CVE-2023-31923
Published: 2023-05-22
Priority P354, high, 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.86% (54.0th percentile)
Suprema BioStar 2 before 2022 Q4, v2.9.1 has Insecure Permissions. A vulnerability in the web application allows an authenticated attacker with "User Operator" privileges to create a highly privileged user account. The vulnerability is caused by missing server-side validation, which can be exploited to gain full administrator privileges on the system.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| supremainc | biostar_2 | < 2.9.1 | 2.9.1 |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.