CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-26089

European Chemicals Agency IUCLID 6.x before 6.27.6 allows authentication bypass because a weak hard-coded secret is used for JWT signing. The affected versions are 5.15.0 through 6.27.5.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 44.6%

CVSS Severity

CVSS v3 Score 9.8

References

https://iuclid6.echa.europa.eu
https://iuclid6.echa.europa.eu/documents/1387205/1809530/note_v6.27.6.pdf/76545a65-e6be-6486-280a-7d7c3d2ad455?t=1677577170669
https://iuclid6.echa.europa.eu/download
https://iuclid6.echa.europa.eu
https://iuclid6.echa.europa.eu/documents/1387205/1809530/note_v6.27.6.pdf/76545a65-e6be-6486-280a-7d7c3d2ad455?t=1677577170669
https://iuclid6.echa.europa.eu/download

Products affected by CVE-2023-26089

Echa.europa » Iuclid » Version: Any

cpe:2.3:a:echa.europa:iuclid:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-26089

Products

Pricing

Contact Us