How severe is CVE-2023-2534?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2023-2534?

This is classified as CWE-285, which is a common weakness in software security.

CVE-2023-2534 - HIGH Severity | CVSS 8.1

Vulnerability Description

Improper Authorization vulnerability in OTRS AG OTRS 8 (Websocket API backend) allows any as Agent authenticated attacker to track user behaviour and to gain live insight into overall system usage. User IDs can easily be correlated with real names e. g. via ticket histories by any user. (Fuzzing for garnering other adjacent user/sensitive data). Subscribing to all possible push events could also lead to performance implications on the server side, depending on the size of the installation and the number of active users. (Flooding)This issue affects OTRS: from 8.0.X before 8.0.32.

Related Vulnerabilities

CVE-2016-10859

HIGH

CVSS:8.1(High)

cPanel before 11.54.0.0 allows unauthorized password changes via Webmail API commands (SEC-65).

CWE-2852016

CVE-2016-7143

HIGH

CVSS:8.1(High)

The m_authenticate function in modules/m_sasl.c in Charybdis before 3.5.3 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE p...

CWE-2852016

CVE-2018-1082

HIGH

CVSS:8.1(High)

A flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. If a user account using OAuth2 authentication method was once confirmed but later suspended, the user could still login to the site.

CWE-2852018

CVE-2018-10861

HIGH

CVSS:8.1(High)

A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches mast...

CWE-2852018

CVE-2018-14637

HIGH

CVSS:8.1(High)

The SAML broker consumer endpoint in Keycloak before version 4.6.0.Final ignores expiration conditions on SAML assertions. An attacker can exploit this vulnerability to perform a replay attack.

CWE-2852018

CVE-2018-15465

HIGH

CVSS:8.1(High)

A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, but unprivileged (levels 0 and 1), remote attacker to perform privilege...

CWE-2852018