Skip to main content

Emsigner

3 CVEs product

Monthly

CVE-2023-43902 CRITICAL POC Act Now

Incorrect access control in the Forgot Your Password function of EMSigner v2.8.7 allows unauthenticated attackers to access accounts of all registered users, including those with administrator. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Emsigner
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-43901 MEDIUM POC This Month

Incorrect access control in the AdHoc User creation form of EMSigner v2.8.7 allows unauthenticated attackers to arbitrarily modify usernames and privileges by using the email address of a registered. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Emsigner
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2023-43900 MEDIUM POC This Month

Insecure Direct Object References (IDOR) in EMSigner v2.8.7 allow attackers to gain unauthorized access to application content and view sensitive data of other users via manipulation of the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Authentication Bypass Emsigner
NVD
CVSS 3.1
6.5
EPSS
0.6%
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Incorrect access control in the Forgot Your Password function of EMSigner v2.8.7 allows unauthenticated attackers to access accounts of all registered users, including those with administrator. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Emsigner
NVD
EPSS 0% CVSS 5.9
MEDIUM POC This Month

Incorrect access control in the AdHoc User creation form of EMSigner v2.8.7 allows unauthenticated attackers to arbitrarily modify usernames and privileges by using the email address of a registered. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Emsigner
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Insecure Direct Object References (IDOR) in EMSigner v2.8.7 allow attackers to gain unauthorized access to application content and view sensitive data of other users via manipulation of the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Authentication Bypass Emsigner
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy