CVE-2023-27195 Information

Description

Trimble TM4Web 22.2.0 allows unauthenticated attackers to access /inc/tm_ajax.msw?func=UserfromUUID&uuid= to retrieve the last registration access code and use this access code to register a valid account. via a PUT /inc/tm_ajax.msw request. If the access code was used to create an Administrator account attackers are also able to register new Administrator accounts with full privileges.

Reference

https://transportation.trimble.com/products/TM4Web https://seclists.org/fulldisclosure/2024/Apr/16