CVE-2023-3529

HIGH Year: 2023
CVSS v3 Score
7.5
High
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-203
View all →

Vulnerability Description

A vulnerability classified as problematic has been found in Rotem Dynamics Rotem CRM up to 20230729. This affects an unknown part of the file /LandingPages/api/otp/send?id=[ID][ampersand]method=sms of the component OTP URI Interface. The manipulation leads to information exposure through discrepancy. It is possible to initiate the attack remotely. The identifier VDB-233253 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2016-6489

HIGH
CVSS:7.5(High)

The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.

CWE-2032016

CVE-2017-9735

HIGH
CVSS:7.5(High)

Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect pa...

CWE-2032017

CVE-2018-9364

HIGH
CVSS:7.5(High)

In the LG LAF component, there is a special command that allowed modification of certain partitions. This could lead to bypass of secure boot. User interaction is not needed for exploitation.

CWE-2032018

CVE-2019-10114

HIGH
CVSS:7.5(High)

An Information Exposure issue (issue 2 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. During the OAuth authentication pr...

CWE-2032019

CVE-2019-18850

HIGH
CVSS:7.5(High)

TrevorC2 v1.1/v1.2 fails to prevent fingerprinting primarily via a discrepancy between response headers when responding to different HTTP methods, also via predictible responses when accessing and int...

CWE-2032019