Main Vulnerability Database Vulnerabilities #VU75315

Improper Authentication in NEXT ENGINE Integration Plugin - CVE-2023-27919

Published: April 19, 2023

Vulnerability identifier: #VU75315

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2023-27919

CWE-ID: CWE-287

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
NEXT ENGINE Integration Plugin

Software vendor:
NE Inc.

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests. A remote attacker can bypass authentication process and alter the information stored in the system.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://jvn.jp/en/jp/JVN50862842/index.html

Improper Authentication in NEXT ENGINE Integration Plugin - CVE-2023-27919

Description

Remediation

External links

Please verify you're human