CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2023-49231

CVSS 9.8v3.1pub. 2024-03-29upd. 2026-04-15

An authentication bypass vulnerability was found in Stilog Visual Planning 8. It allows an unauthenticated attacker to receive an administrative API token.

🤖 AI Analysis
How it works

The vulnerability (CWE-294 — Authentication Bypass by Capture-replay) consists of the ability to bypass the authentication mechanism in the application's API interface. An unauthorized attacker can send a specially crafted network request and receive an administrative API token in response. The obtained token grants authorization to perform operations reserved exclusively for system administrators.

Impact

The attacker gains full administrative access to the application's API, enabling reading and modification of data, as well as potentially taking control over the entire Visual Planning 8 instance.

Mitigation & patch

Patches available from the vendor should be applied according to references — updates are available at https://www.visual-planning.com/en/support-portal/updates

Who is affected

Stilog Visual Planning 8

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Auth Bypass
CWE
References