CVE-2023-41264
- Reference to the description:
- Description:
- Netwrix Usercube before 6.0.215, in certain misconfigured on-premises installations, allows authentication bypass on deployment endpoints, leading to privilege escalation. This only occurs if the configuration omits the required restSettings.AuthorizedClientId and restSettings.AuthorizedSecret fields (for the POST /api/Deployment/ExportConfiguration and POST /api/Deployment endpoints).
- Last updated date:
- 08/01/2024
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 12/04/2023
- Reference url to background
https://www.synacktiv.com/advisories/usercube-netwrix-multiple-vulnerabilities