Shodan
Vulnerabilities
Vulnerable Software
Easyappointments:  >> Easyappointments  >> 0.7.1  Security Vulnerabilities
CVE-2023-38055
A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} allows a low privileged user to fetch, modify or delete the services of any user (including admin). This results in unauthorized access and unauthorized data manipulation.
CVSS Score
9.6
EPSS Score
0.001
Published
2024-07-09
CVE-2023-3286
A BOLA vulnerability in POST /secretaries allows a low privileged user to create a low privileged user (secretary) in the system. This results in unauthorized data manipulation.
CVSS Score
7.7
EPSS Score
0.001
Published
2024-07-09
CVE-2023-3287
A BOLA vulnerability in POST /admins allows a low privileged user to create a high privileged user (admin) in the system. This results in privilege escalation.
CVSS Score
9.9
EPSS Score
0.002
Published
2024-07-09
CVE-2023-3288
A BOLA vulnerability in POST /providers allows a low privileged user to create a privileged user (provider) in the system. This results in privilege escalation.
CVSS Score
8.5
EPSS Score
0.001
Published
2024-07-09
CVE-2023-3289
A BOLA vulnerability in POST /services allows a low privileged user to create a service for any user in the system (including admin). This results in unauthorized data manipulation.
CVSS Score
7.7
EPSS Score
0.001
Published
2024-07-09
CVE-2023-3290
A BOLA vulnerability in POST /customers allows a low privileged user to create a low privileged user (customer) in the system. This results in unauthorized data manipulation.
CVSS Score
5.0
EPSS Score
0.001
Published
2024-07-09
CVE-2023-38050
A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} allows a low privileged user to fetch, modify or delete a webhook of any user (including admin). This results in unauthorized access and unauthorized data manipulation.
CVSS Score
9.1
EPSS Score
0.001
Published
2024-07-09
CVE-2023-38051
A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} allows a low privileged user to fetch, modify or delete a low privileged user (secretary). This results in unauthorized access and unauthorized data manipulation.
CVSS Score
9.9
EPSS Score
0.001
Published
2024-07-09
CVE-2023-38052
A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} allows a low privileged user to fetch, modify or delete a high privileged user (admin). This results in unauthorized access and unauthorized data manipulation.
CVSS Score
9.9
EPSS Score
0.001
Published
2024-07-09
CVE-2023-38053
A BOLA vulnerability in GET, PUT, DELETE /settings/{settingName} allows a low privileged user to fetch, modify or delete the settings of any user (including admin). This results in unauthorized access and unauthorized data manipulation.
CVSS Score
9.9
EPSS Score
0.001
Published
2024-07-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved