{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-2703","assignerOrgId":"ca940d4e-fea4-4aa2-9a58-591a58b1ce21","state":"PUBLISHED","assignerShortName":"TR-CERT","dateReserved":"2023-05-15T11:02:25.945Z","datePublished":"2023-05-23T19:19:47.883Z","dateUpdated":"2026-05-22T11:16:13.302Z"},"containers":{"cna":{"providerMetadata":{"orgId":"ca940d4e-fea4-4aa2-9a58-591a58b1ce21","shortName":"TR-CERT","dateUpdated":"2026-05-22T11:16:13.302Z"},"title":"Information Disclosure in Finex Media's Competition Management System","datePublic":"2023-05-23T19:20:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-359","description":"CWE-359 Exposure of Private Personal Information to an Unauthorized Actor","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-37","descriptions":[{"lang":"en","value":"CAPEC-37 Retrieve Embedded Sensitive Data"}]},{"capecId":"CAPEC-569","descriptions":[{"lang":"en","value":"CAPEC-569 Collect Data as Provided by Users"}]}],"affected":[{"vendor":"Finex Media","product":"Competition Management System","versions":[{"status":"affected","version":"0","lessThan":"23.07","versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Finex Media Competition Management System allows Retrieve Embedded Sensitive Data, Collect Data as Provided by Users.\n\nThis issue affects Competition Management System: before 23.07.","supportingMedia":[{"type":"text/html","base64":false,"value":"Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Finex Media Competition Management System allows Retrieve Embedded Sensitive Data, Collect Data as Provided by Users.<p>This issue affects Competition Management System: before 23.07.</p>"}]}],"references":[{"url":"https://www.usom.gov.tr/bildirim/tr-23-0283","tags":["government-resource","broken-link"]},{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0283","tags":["government-resource"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseSeverity":"HIGH","baseScore":7.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}}],"solutions":[{"lang":"en","value":"Update the software to >= v.23.07","supportingMedia":[{"type":"text/html","base64":false,"value":"Update the software to &gt;= v.23.07"}]}],"credits":[{"lang":"en","value":"Mustafa Anil YILDIRIM","user":"00000000-0000-4000-9000-000000000000","type":"finder"}],"source":{"defect":["TR-23-0283"],"advisory":"TR-23-0283","discovery":"EXTERNAL"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T06:33:04.316Z"},"title":"CVE Program Container","references":[{"tags":["government-resource","x_transferred"],"url":"https://www.usom.gov.tr/bildirim/tr-23-0283"}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-01-17T16:11:47.713395Z","id":"CVE-2023-2703","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-01-17T16:11:59.898Z"}}]}}