CVE-2023-33291

HIGH Year: 2023
CVSS v3 Score
7.4
High
Weakness Type
CWE-276
View all →

Vulnerability Description

In ebankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow generation of OTP messages to any e-mail address or phone number without validation. (It cannot be exploited with e-mail addresses or phone numbers that are registered in the application.)

Related Vulnerabilities

CVE-2021-20532

HIGH
CVSS:7.4(High)

IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 could allow a local user to escalate their privileges to take full control of the system due to insecure directory permissions. IBM X-Force ID: 198...

CWE-2762021

CVE-2024-27148

HIGH
CVSS:7.4(High)

The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the refere...

CWE-2762024

CVE-2024-27149

HIGH
CVSS:7.4(High)

The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the refere...

CWE-2762024

CVE-2024-27150

HIGH
CVSS:7.4(High)

The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the refere...

CWE-2762024

CVE-2024-27151

HIGH
CVSS:7.4(High)

The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. The programs can be replaced by malicious programs by any lo...

CWE-2762024

CVE-2024-27152

HIGH
CVSS:7.4(High)

The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the refere...

CWE-2762024