CVE-2023-42034

{"id": "CVE-2023-42034", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "zdi-disclosures@trendmicro.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-05-03T03:15:36.233", "references": [{"url": "https://myconnectionserver.visualware.com/support/security-advisories", "tags": ["Vendor Advisory"], "source": "zdi-disclosures@trendmicro.com"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1399/", "tags": ["Third Party Advisory"], "source": "zdi-disclosures@trendmicro.com"}, {"url": "https://myconnectionserver.visualware.com/support/security-advisories", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1399/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "zdi-disclosures@trendmicro.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Visualware MyConnection Server doRTAAccessCTConfig Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Visualware MyConnection Server. Minimal user interaction is required to exploit this vulnerability.\n\nThe specific flaw exists within the doRTAAccessCTConfig method. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-21613."}, {"lang": "es", "value": "Vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n de Cross-Site Scripting de Visualware MyConnection Server doRTAAccessCTConfig. Esta vulnerabilidad permite a atacantes remotos eludir la autenticaci\u00f3n en las instalaciones afectadas de Visualware MyConnection Server. Se requiere una interacci\u00f3n m\u00ednima del usuario para aprovechar esta vulnerabilidad. La falla espec\u00edfica existe dentro del m\u00e9todo doRTAAccessCTConfig. El problema se debe a la falta de validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede llevar a la inyecci\u00f3n de un script arbitrario. Un atacante puede aprovechar esta vulnerabilidad para eludir la autenticaci\u00f3n en el sistema. Era ZDI-CAN-21613."}], "lastModified": "2025-08-08T18:51:13.450", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:visualware:myconnection_server:11.3c:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FFCB048-D49E-49D6-9BE4-7C223704E144"}], "operator": "OR"}]}], "sourceIdentifier": "zdi-disclosures@trendmicro.com"}