{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-11T14:32:54.483","vulnerabilities":[{"cve":{"id":"CVE-2023-38257","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2023-07-18T18:15:12.620","lastModified":"2024-11-21T08:13:11.957","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to an insecure direct object reference vulnerability that could allow an unauthenticated user to view profile information, including user login names and encrypted passwords."},{"lang":"es","value":"Las versiones 2.1.37 y anteriores de Iagona ScrutisWeb son vulnerables a una vulnerabilidad de referencia directa a objetos insegura que podría permitir a un usuario no autenticado ver información de perfil, incluidos nombres de inicio de sesión de usuario y contraseñas cifradas. "}],"metrics":{"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:iagona:scrutisweb:*:*:*:*:*:*:*:*","versionEndIncluding":"2.1.37","matchCriteriaId":"3972C062-588A-4705-91CE-4427085B46CF"}]}]}],"references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-03","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-03","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}}]}