CVE-2023-49233 Information

Description

Insufficient access checks in Visual Planning Admin Center 8 before v.1 Build 240207 allow attackers in possession of a non-administrative Visual Planning account to utilize functions normally reserved for administrators. The affected functions allow attackers to obtain different types of configured credentials and potentially elevate their privileges to administrator level.

Reference

https://www.visual-planning.com/en/support-portal/updates https://www.schutzwerk.com/blog/schutzwerk-sa-2023-005/