{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-13T01:44:59.462","vulnerabilities":[{"cve":{"id":"CVE-2023-42034","sourceIdentifier":"zdi-disclosures@trendmicro.com","published":"2024-05-03T03:15:36.233","lastModified":"2025-08-08T18:51:13.450","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Visualware MyConnection Server doRTAAccessCTConfig Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Visualware MyConnection Server. Minimal user interaction is required to exploit this vulnerability.\n\nThe specific flaw exists within the doRTAAccessCTConfig method. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-21613."},{"lang":"es","value":"Vulnerabilidad de omisión de autenticación de Cross-Site Scripting de Visualware MyConnection Server doRTAAccessCTConfig. Esta vulnerabilidad permite a atacantes remotos eludir la autenticación en las instalaciones afectadas de Visualware MyConnection Server. Se requiere una interacción mínima del usuario para aprovechar esta vulnerabilidad. La falla específica existe dentro del método doRTAAccessCTConfig. El problema se debe a la falta de validación adecuada de los datos proporcionados por el usuario, lo que puede llevar a la inyección de un script arbitrario. Un atacante puede aprovechar esta vulnerabilidad para eludir la autenticación en el sistema. Era ZDI-CAN-21613."}],"metrics":{"cvssMetricV30":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:visualware:myconnection_server:11.3c:*:*:*:*:*:*:*","matchCriteriaId":"7FFCB048-D49E-49D6-9BE4-7C223704E144"}]}]}],"references":[{"url":"https://myconnectionserver.visualware.com/support/security-advisories","source":"zdi-disclosures@trendmicro.com","tags":["Vendor Advisory"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-23-1399/","source":"zdi-disclosures@trendmicro.com","tags":["Third Party Advisory"]},{"url":"https://myconnectionserver.visualware.com/support/security-advisories","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-23-1399/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}