CVE-2023-48253 Information

Description

The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request. By abusing this vulnerability it is possible to exfiltrate other users’ password hashes or update them with arbitrary values and access their accounts.

Reference

https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html