CVE-2023-47320
Broken access control in Silverpeas
EPSS 0.27%
Description
Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. An attacker with low privileges is able to execute the administrator-only function of putting the application in "Maintenance Mode" due to broken access control. This makes the application unavailable to all users. This affects Silverpeas Core 6.3.1 and below.
How to fix CVE-2023-47320
To remediate CVE-2023-47320, upgrade the affected package to one of the fixed versions listed below.
- Maven/org.silverpeas.core:silverpeas-core-war—upgrade to 6.3.2 or later
- —upgrade to 6.3.2 or later
Is CVE-2023-47320 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 6.3.2
- from 0, < 6.3.2