MidnightBSD

Advisories for alayacare

CVE-2023-6451

Publicly known cryptographic machine key in AlayaCare's Procura Portal before 9.0.1.2 allows attackers to forge their own authentication cookies and bypass the application's authentication mechanisms.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
vdp@themissinglink.com.au 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N 3.9 4.0

Products Affected

Vendor Product Version
alayacare procura *