5.4

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2023-47325

GHSA ID

GHSA-42g3-3jwm-63rx

EPSS Score

0.42233%

CWE

CWE-284

Published

12/13/2023

Updated

12/27/2023

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-47325

CVE-2023-47325: Broken access control in Silverpeas

Silverpeas Core 6.3.1 administrative "Bin" feature is affected by broken access control. A user with low privileges is able to navigate directly to the bin, revealing all deleted spaces. The user can then restore or permanently delete the spaces.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2023-47325

CVE-2023-47325:

5.4

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2023-47325

GHSA ID

GHSA-42g3-3jwm-63rx

EPSS Score

0.42233%

CWE

CWE-284

Published

12/13/2023

Updated

12/27/2023

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.silverpeas.core:silverpeas-core-web	maven	< 6.3.2	6.3.2

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The PoC demonstrates exploitation via direct navigation to /RjobStartPagePeas/jsp/ViewBin. In Java web applications, JSPs are either protected by security constraints in web.xml or programmatic checks in controllers. The vulnerability indicates missing authorization enforcement at the entry point handling this URL. While the exact class/method isn't visible in provided data, the JSP endpoint itself represents the vulnerable access point. This matches the CWE-284 pattern of missing access control on a sensitive functionality endpoint.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

5.4

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2023-47325: Broken access control in Silverpeas

CVE-2023-47325:

5.4

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

Technical Details

5.4

5.4

CVE-2023-47325: Broken access control in Silverpeas

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI