Lucene search
HistoryJul 12, 2023 - 1:15 p.m.
CVE-2023-33668
digiexam
v14.0.2
integrity checks
native modules
pii
account takeover
shared computers
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
46.4%
DigiExam up to v14.0.2 lacks integrity checks for native modules, allowing attackers to access PII and takeover accounts on shared computers.
Affected configurations
Node
digiexamdigiexamRange≤14.0.2
| CPE | Name | Operator | Version |
|---|---|---|---|
| digiexam:digiexam | digiexam | le | 14.0.2 |
Related
nvd
nvd
CVE-2023-33668
2023-07-12 13:15:09
githubexploit
githubexploit
Exploit for Improper Validation of Integrity Check Value in Digiexam
2023-07-08 08:56:21
prion
prion
Design/Logic Flaw
2023-07-12 13:15:00
cvelist
cvelist
CVE-2023-33668
2023-07-12 00:00:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
46.4%
Related for CVE-2023-33668