Security Advisory from Primion

Subject: CVE-2023-40298

  • Version: 1.0
  • Data classification: External
  • Creation date: 09/08/2023
  • Review date: 01/09/2023
  • Name & title of originator/author: Luka Kolb, Information Security Officer
  • Target audience: Primion employees, prime WebSystems owners

1. Summary

An Insecure Direct Object Reference (IDOR) vulnerability was discovered which allowed an authenticated user to show request information for other users of the system.

The vulnerability only applies to systems where the "workflow with authorisation" parameter is set to inactive.
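The root cause of an IDOR of this kind is a lookup that trusts the object identifier supplied by the caller without checking that the caller is allowed to see that object. The following Python example is added here to illustrate the vulnerability class and its fix; it is not prime WebSystems code and is not taken from the advisory. The data model, the function names, the `workflow_with_authorisation` flag and the sample requests are all assumptions constructed for the example.

```python
"""Object-level authorisation around a request lookup (hypothetical example).

This is illustrative code added to the advisory text, not Primion's
implementation. Everything below (Request, Store, the audit list and the
workflow_with_authorisation flag) is an assumption made for the example.
"""
from dataclasses import dataclass, field


@dataclass
class Request:
    request_id: int
    owner: str
    details: str


class Forbidden(Exception):
    """Raised when the caller may not access the requested object."""


@dataclass
class Store:
    # Constructed sample data: two users, each owning one request.
    requests: dict = field(default_factory=lambda: {
        1: Request(1, "alice", "leave 2023-09-04 to 2023-09-08"),
        2: Request(2, "bob", "leave 2023-09-11 to 2023-09-15"),
    })
    # Hypothetical stand-in for the advisory's "workflow with authorisation"
    # parameter; the advisory states the issue applies when it is inactive.
    workflow_with_authorisation: bool = False
    # Audit trail of denied lookups, useful for detection of enumeration.
    audit: list = field(default_factory=list)


def get_request_vulnerable(store: Store, current_user: str,
                           request_id: int) -> Request:
    """IDOR: the object is fetched by id only, so any authenticated user can
    read any other user's request by supplying its id."""
    req = store.requests.get(request_id)
    if req is None:
        raise KeyError(request_id)
    return req


def get_request_fixed(store: Store, current_user: str,
                      request_id: int) -> Request:
    """Fixed lookup: the record is returned only if the caller owns it.

    A missing id and a foreign id produce the same Forbidden error, so the
    response does not confirm whether an id exists. Every denial is recorded
    so repeated probing of sequential ids is visible in the audit trail.
    """
    req = store.requests.get(request_id)
    if req is None or req.owner != current_user:
        store.audit.append((current_user, request_id, "denied"))
        raise Forbidden(f"user {current_user!r} may not view request {request_id}")
    return req


def denied_lookups_by_user(store: Store) -> dict:
    """Counts denied lookups per user from the audit trail; a user with many
    denials across distinct ids is a simple enumeration indicator."""
    counts: dict = {}
    for user, _request_id, outcome in store.audit:
        if outcome == "denied":
            counts[user] = counts.get(user, 0) + 1
    return counts


if __name__ == "__main__":
    store = Store()
    # Vulnerable path: bob reads alice's request.
    print(get_request_vulnerable(store, "bob", 1).details)
    # Fixed path: the same access is refused and logged.
    try:
        get_request_fixed(store, "bob", 1)
    except Forbidden as exc:
        print(exc)
    print(denied_lookups_by_user(store))
```

The fix is the ownership comparison inside `get_request_fixed`; the identifier from the request is still used, but only after the caller's relationship to the object has been verified server-side.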

2. CVE details

CVE ID: CVE-2023-40298
CVSS 3.1 Base score: 2.8

3. Affected products & versions

  • All versions below prime WebSystems v164.3 are affected.
  • All platforms are affected.

4. Remediation/Fixes

The fix for the vulnerability is included in the fix pack 163.11 and prime WebSystems version 164.3.1.

5. Contact

For more information on the remediation status for your system, please contact our ServiceDesk through:
E-mail: support@remove-this.primion.eu
Phone: +49 7573 952-777

For any security enquiries please contact the Primion CSIRT:
CSIRT@remove-this.primion.eu or isecurity@remove-this.primion.eu.
