🛡️ CVE-2023-2904
🟠 CVSS 7.3 — High ✅ No Known Exploit CWE-471 NVD

Description

The External Visitor Manager portal of HID’s SAFE, versions 5.8.0 through 5.11.3, is vulnerable to manipulation of web fields in the application programming interface (API). An attacker could log in using account credentials available through a request generated by an internal user and then manipulate the visitor-id within the web API to access the personal data of other users. There is no limit on the number of requests that can be made to the HID SAFE Web Server, so an attacker could also exploit this vulnerability to create a denial-of-service condition.

Details

Severity: HIGH
CVSS Score: 7.3
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H
CWE: CWE-471
Public Exploit: ✅ No
Source: NVD
Published: 2023-06-07
Updated: 2026-06-08
Modified: 2025-01-06
Fix URL: N/A

Affected Packages

Software From version Fixed in
safe 5.8.0 5.11.3

References

Third Party Advisory, US Government Resource https://www.cisa.gov/news-events/ics-advisories/icsa-23-152-02
