CVE-2023-6554: Missing authorisation in TCExam
First published: Thu Jan 11 2024(Updated: )
When access to the "admin" folder is not protected by some external authorization mechanisms e.g. Apache Basic Auth, it is possible for any user to download protected information like exam answers.
Credit: cvd@cert.pl
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tcexam | <15.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-6554?
CVE-2023-6554 is considered a high severity vulnerability due to the potential exposure of sensitive exam answers.
How do I fix CVE-2023-6554?
To fix CVE-2023-6554, implement external authorization mechanisms like Apache Basic Auth to protect the 'admin' folder.
What information can be exposed in CVE-2023-6554?
CVE-2023-6554 can expose sensitive information such as exam answers if the 'admin' folder is not properly secured.
Which software is affected by CVE-2023-6554?
CVE-2023-6554 affects Tecnick Tcexam versions prior to 15.1.0.
Who is impacted by CVE-2023-6554?
Any user with access to the unprotected 'admin' folder in affected versions of Tecnick Tcexam is at risk from CVE-2023-6554.
- agent/type
- agent/weakness
- agent/author
- agent/references
- agent/description
- agent/severity
- agent/softwarecombine
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/tecnick
- canonical/tcexam