How severe is CVE-2023-23610?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2023-23610?

This is classified as CWE-269, which is a common weakness in software security.

CVE-2023-23610

MEDIUM Year: 2023

CVSS v3 Score

6.5

Medium

Weakness Type

CWE-269

View all →

Vulnerability Description

GLPI is a Free Asset and IT Management Software package. Versions prior to 9.5.12 and 10.0.6 are vulnerable to Improper Privilege Management. Any user having access to the standard interface can export data of almost any GLPI item type, even those on which user is not allowed to access (including assets, tickets, users, ...). This issue is patched in 10.0.6.

CVE-2013-2625

MEDIUM

CVSS:6.5(Medium)

An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking ...

CWE-2692013

CVE-2015-5071

MEDIUM

CVSS:6.5(Medium)

AR System Mid Tier in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary files via the __report parameter of t...

CWE-2692015

CVE-2015-5072

MEDIUM

CVSS:6.5(Medium)

The BIRT Engine servlet in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary local files via the __imageid pa...

CWE-2692015