{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-28T09:56:18.441","vulnerabilities":[{"cve":{"id":"CVE-2023-48375","sourceIdentifier":"twcert@cert.org.tw","published":"2023-12-15T08:15:45.000","lastModified":"2026-06-17T06:34:07.927","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"SmartStar Software CWS is a web-based integration platform, it has a vulnerability of missing authorization and users are able to access data or perform actions that they should not be allowed to perform via commands. An authenticated with normal user privilege can execute administrator privilege, resulting in performing arbitrary system operations or disrupting service."},{"lang":"es","value":"SmartStar Software CWS es una plataforma de integración basada en web, tiene la vulnerabilidad de falta de autorización y los usuarios pueden acceder a datos o realizar acciones que no se les debería permitir realizar mediante comandos. Un usuario autenticado con privilegios normales puede ejecutar privilegios de administrador, lo que resulta en la realización de operaciones arbitrarias del sistema o la interrupción del servicio."}],"affected":[{"source":"twcert@cert.org.tw","affectedData":[{"vendor":"SmartStar Software","product":"CWS Web-Base","defaultStatus":"unaffected","versions":[{"version":"v10.25","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"twcert@cert.org.tw","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"twcert@cert.org.tw","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:csharp:cws_collaborative_development_platform:10.25:*:*:*:*:*:*:*","matchCriteriaId":"10CC0021-D5D9-4794-9ABE-DF8F1B21F6A2"}]}]}],"references":[{"url":"https://www.twcert.org.tw/tw/cp-132-7594-dac20-1.html","source":"twcert@cert.org.tw","tags":["Third Party Advisory"]},{"url":"https://www.twcert.org.tw/tw/cp-132-7594-dac20-1.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}