CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-33371

Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 16.8%

CVSS Severity

CVSS v3 Score 9.8

References

https://claroty.com/team82/disclosure-dashboard/cve-2023-33371
https://www.controlid.com.br/en/access-control/idsecure/
https://claroty.com/team82/disclosure-dashboard/cve-2023-33371
https://www.controlid.com.br/en/access-control/idsecure/

Products affected by CVE-2023-33371

Assaabloy » Control Id Idsecure » Version: 4.7.26.0

cpe:2.3:a:assaabloy:control_id_idsecure:4.7.26.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-33371

Products

Pricing

Contact Us