{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-2703", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2023-05-15T11:02:25.945Z", "datePublished": "2023-05-23T19:19:47.883Z", "dateUpdated": "2026-05-22T11:16:13.302Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2026-05-22T11:16:13.302Z"}, "title": "Information Disclosure in Finex Media's Competition Management System", "datePublic": "2023-05-23T19:20:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-359", "description": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "CAPEC-37 Retrieve Embedded Sensitive Data"}]}, {"capecId": "CAPEC-569", "descriptions": [{"lang": "en", "value": "CAPEC-569 Collect Data as Provided by Users"}]}], "affected": [{"vendor": "Finex Media", "product": "Competition Management System", "versions": [{"status": "affected", "version": "0", "lessThan": "23.07", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Finex Media Competition Management System allows Retrieve Embedded Sensitive Data, Collect Data as Provided by Users.\n\nThis issue affects Competition Management System: before 23.07.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Finex Media Competition Management System allows Retrieve Embedded Sensitive Data, Collect Data as Provided by Users.<p>This issue affects Competition Management System: before 23.07.</p>"}]}], "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-23-0283", "tags": ["government-resource", "broken-link"]}, {"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0283", "tags": ["government-resource"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "HIGH", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}}], "solutions": [{"lang": "en", "value": "Update the software to >= v.23.07", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Update the software to &gt;= v.23.07"}]}], "credits": [{"lang": "en", "value": "Mustafa Anil YILDIRIM", "user": "00000000-0000-4000-9000-000000000000", "type": "finder"}], "source": {"defect": ["TR-23-0283"], "advisory": "TR-23-0283", "discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:33:04.316Z"}, "title": "CVE Program Container", "references": [{"tags": ["government-resource", "x_transferred"], "url": "https://www.usom.gov.tr/bildirim/tr-23-0283"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-17T16:11:47.713395Z", "id": "CVE-2023-2703", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-17T16:11:59.898Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-23-0283", "tags": ["government-resource", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:33:04.316Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-2703", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-17T16:11:47.713395Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-17T16:11:55.805Z"}}], "cna": {"title": "Information Disclosure in Finex Media's Competition Management System", "source": {"defect": ["TR-23-0283"], "advisory": "TR-23-0283", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Mustafa Anil YILDIRIM"}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "CAPEC-37 Retrieve Embedded Sensitive Data"}]}, {"capecId": "CAPEC-569", "descriptions": [{"lang": "en", "value": "CAPEC-569 Collect Data as Provided by Users"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Finex Media", "product": "Competition Management System", "versions": [{"status": "affected", "version": "0", "lessThan": "23.07", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update the software to >= v.23.07", "supportingMedia": [{"type": "text/html", "value": "Update the software to &gt;= v.23.07", "base64": false}]}], "datePublic": "2023-05-23T19:20:00.000Z", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-23-0283", "tags": ["government-resource", "broken-link"]}, {"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0283", "tags": ["government-resource"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Finex Media Competition Management System allows Retrieve Embedded Sensitive Data, Collect Data as Provided by Users.\n\nThis issue affects Competition Management System: before 23.07.", "supportingMedia": [{"type": "text/html", "value": "Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Finex Media Competition Management System allows Retrieve Embedded Sensitive Data, Collect Data as Provided by Users.<p>This issue affects Competition Management System: before 23.07.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-359", "description": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2026-05-22T11:16:13.302Z"}}}, "cveMetadata": {"cveId": "CVE-2023-2703", "state": "PUBLISHED", "dateUpdated": "2026-05-22T11:16:13.302Z", "dateReserved": "2023-05-15T11:02:25.945Z", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "datePublished": "2023-05-23T19:19:47.883Z", "assignerShortName": "TR-CERT"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:finexmedia:competition_management_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "73D09461-53AD-41B1-A0E9-EF403A363624", "versionEndExcluding": "23.07", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Finex Media Competition Management System allows Retrieve Embedded Sensitive Data, Collect Data as Provided by Users.This issue affects Competition Management System: before 23.07.\n\n"}], "id": "CVE-2023-2703", "lastModified": "2024-11-21T07:59:07.153", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "iletisim@usom.gov.tr", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Secondary"}]}, "published": "2023-05-23T20:15:09.817", "references": [{"source": "iletisim@usom.gov.tr", "tags": ["Third Party Advisory"], "url": "https://www.usom.gov.tr/bildirim/tr-23-0283"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.usom.gov.tr/bildirim/tr-23-0283"}], "sourceIdentifier": "iletisim@usom.gov.tr", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-359"}], "source": "iletisim@usom.gov.tr", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-668"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{}

{}