Vulnerability in SmodBIP software
10 October 2023 | CERT Polska | #vulnerability, #warning, #cve
CVE ID: CVE-2023-4837
Publication date: 10 October 2023
Vendor: Jan Syski
Product: SmodBIP
Vulnerable versions: All
Vulnerability type (CWE): Cross-Site Request Forgery (CWE-352)
Report source: Own research

Description

During its own research, CERT Polska found a CSRF (Cross-Site Request Forgery) vulnerability in SmodBIP software. It could allow a malicious actor to make a higher-privileged user execute unwanted actions under their current authentication when that user opens a specially crafted link.

The weakness has been assigned the number CVE-2023-4837. The product is currently out of support, which means that no fix should be expected. All versions of the software are believed to be vulnerable, as the newest one was tested.


More about the coordinated vulnerability disclosure process at CERT Polska can be found at https://cert.pl/en/cvd/.