ID Confusion Vulnerability in OX App Suite Allows Unauthorized Appointment Changes

CVE-2023-24599 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

OX App Suite before backend 7.10.6-rev37 allows authenticated users to change the appointments of arbitrary users via conflicting ID numbers, aka "ID confusion."