A breach of Okta's support case management system using a stolen credential allowed attackers to access sensitive files uploaded by the identity security giant's
Advisory: Session Token Enumeration in RWS WorldServer

Session tokens in RWS WorldServer have a low entropy and can be enumerated, leading to unauthorised access to user sessions.

Details
=======

Product: WorldServer
Affected Versions: 11.7.3 and earlier versions
Fixed Version: 11.8.0
Vulnerability Type: Session Token Enumeration
Security Risk: high
Vendor URL: https://www.rws.com/localization/products/additional-solutions/
Vendor Status: fixed version released
Advisory URL: https://www.redteam-pentesting.de/advisories/rt-sa-2023-001
Advisory Status: published
CVE: CVE-2023-38357
CVE URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38357

Introduction
============

"WorldServer offers a flexible,
Lightspin obtains credentials to an internal AWS service by exploiting a local file read vulnerability on the RDS EC2 instance using the log_fdw extension.