Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Bhima Security Vulnerabilities

cve
cve

CVE-2023-0944

Bhima version 1.27.0 allows an authenticated attacker with regular user permissions to update arbitrary user session data such as username, email and password. This is possible because the application is vulnerable to IDOR, it does not correctly validate user permissions with respect to certain...

4.3CVSS

4.7AI Score

0.001EPSS

2023-04-05 08:15 PM
11
cve
cve

CVE-2023-0967

Bhima version 1.27.0 allows an attacker authenticated with normal user permissions to view sensitive data of other application users and data that should only be viewed by the administrator. This is possible because the application is vulnerable to IDOR, it does not properly validate user...

6.5CVSS

6.3AI Score

0.001EPSS

2023-04-05 08:15 PM
12
cve
cve

CVE-2023-0959

Bhima version 1.27.0 allows a remote attacker to update the privileges of any account registered in the application via a malicious link sent to an administrator. This is possible because the application is vulnerable to...

6.5CVSS

6.4AI Score

0.002EPSS

2023-04-05 08:15 PM
16