Vulnerability Details CVE-2023-33282
Marval MSM through 14.19.0.12476 and 15.0 has a System account with default credentials. A remote attacker is able to login and create a valid session. This makes it possible to make backend calls to endpoints in the application.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 26.5%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2023-33282
-
cpe:2.3:a:marvalglobal:msm:*
-
cpe:2.3:a:marvalglobal:msm:15.0