CVE-2023-47325: Broken access control in the administrative "Bin" of Silverpeas Core 6.3.1
Silverpeas Core 6.3.1 administrative "Bin" feature is affected by broken access control. A user with low privileges is able to navigate directly to the bin, revealing all deleted spaces. The user can then restore or permanently delete the spaces.
AI Analysis
Technical Summary
CVE-2023-47325 is a medium-severity broken access control vulnerability in Silverpeas Core version 6.3.1, affecting the administrative "Bin" feature. Silverpeas is an enterprise collaboration and content management platform used to manage digital workspaces (spaces) and their content. The Bin is the repository for deleted spaces and is intended to be reachable only by administrators. Although ordinary users are not offered the Bin through the interface, the server does not enforce the role check on the Bin itself: a user with low privileges can navigate directly to the Bin, list every deleted space, and then restore or permanently delete any of them. This is a missing function-level access control (forced browsing) flaw and a violation of the principle of least privilege; hiding a link is not an authorization check. The CVSS v3.1 base score is 5.4 (medium severity), vector AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N: reachable over the network, low attack complexity, requires only a low-privileged account, no user interaction, unchanged scope, limited impact on confidentiality and integrity, and no availability impact scored. Note that the published vector treats permanent deletion as an integrity impact; for the organization whose space is purged, the practical effect is closer to a loss of availability of that data. The vulnerability is categorized under CWE-284 (Improper Access Control). No patches or known exploits in the wild had been reported as of the publication date (December 13, 2023). In practice, anyone holding a valid low-privilege account can manipulate deleted content, recovering spaces that were meant to stay deleted or destroying spaces that an administrator intended to restore.
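The pattern described above, as an added example that is not Silverpeas code and does not reproduce its internals: a handler for an admin-only "bin" of deleted spaces whose only check is "is the caller logged in?" (the bug class), next to the same handler with the administrator role enforced on the server for every action. The Role, Space and Platform types, the action names "list", "restore" and "purge", and the users and spaces are all constructed for illustration.

```python
"""Added example (not Silverpeas code): why hiding an admin "bin" link is not
an authorization check, and what the server-side check should look like.
Types, action names, users and spaces are hypothetical."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional


class Role(Enum):
    USER = "user"
    ADMIN = "admin"


@dataclass
class User:
    name: str
    role: Role


@dataclass
class Space:
    space_id: str
    deleted: bool = False


@dataclass
class Platform:
    spaces: Dict[str, Space]
    audit: List[str] = field(default_factory=list)

    def deleted_spaces(self) -> List[str]:
        return sorted(s.space_id for s in self.spaces.values() if s.deleted)

    def restore(self, actor: User, space_id: str) -> None:
        self.spaces[space_id].deleted = False
        self.audit.append(f"{actor.name} restored {space_id}")

    def purge(self, actor: User, space_id: str) -> None:
        del self.spaces[space_id]          # permanent: no way back
        self.audit.append(f"{actor.name} purged {space_id}")


class Forbidden(Exception):
    """Stands in for an HTTP 403 response."""


def _dispatch(platform: Platform, actor: User, action: str, space_id: Optional[str]):
    if action == "list":
        return platform.deleted_spaces()
    if action == "restore":
        platform.restore(actor, space_id)
        return platform.deleted_spaces()
    if action == "purge":
        platform.purge(actor, space_id)
        return platform.deleted_spaces()
    raise ValueError(f"unknown bin action {action!r}")


def bin_vulnerable(platform: Platform, actor: Optional[User], action: str, space_id: Optional[str] = None):
    """Bug class behind CVE-2023-47325: authentication is checked, the role
    is not. The UI never links the bin for ordinary users, so the author
    assumed nobody else would reach it; a direct request proves otherwise."""
    if actor is None:
        raise Forbidden("login required")
    return _dispatch(platform, actor, action, space_id)


def bin_hardened(platform: Platform, actor: Optional[User], action: str, space_id: Optional[str] = None):
    """Same endpoint with the role enforced server-side on every call, so the
    mutating actions stay protected even if the listing were ever opened up."""
    if actor is None or actor.role is not Role.ADMIN:
        raise Forbidden("administrator role required")
    return _dispatch(platform, actor, action, space_id)


def demo() -> dict:
    """Run a low-privileged user against both handlers and report the outcome."""
    def fresh() -> Platform:
        return Platform(spaces={
            "WA1": Space("WA1", deleted=True),
            "WA2": Space("WA2", deleted=True),
            "WA3": Space("WA3"),
        })
    low, admin = User("bob", Role.USER), User("alice", Role.ADMIN)
    out: dict = {}

    p = fresh()
    out["vuln_listing"] = bin_vulnerable(p, low, "list")      # bob sees WA1, WA2
    bin_vulnerable(p, low, "restore", "WA1")                   # bob restores WA1
    bin_vulnerable(p, low, "purge", "WA2")                     # bob destroys WA2
    out["vuln_remaining"] = sorted(p.spaces)
    out["vuln_audit"] = list(p.audit)

    p = fresh()
    try:
        bin_hardened(p, low, "list")
        out["hardened_low_user"] = "allowed"
    except Forbidden:
        out["hardened_low_user"] = "forbidden"
    out["hardened_admin_listing"] = bin_hardened(p, admin, "list")
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The point of the second variant is that the check sits in front of every action of the endpoint, not only in the navigation code; the audit entries also show why logging the acting principal on restore and purge matters when you later have to reconstruct what a low-privileged account did.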
Potential Impact
For European organizations using Silverpeas Core 6.3.1, this vulnerability puts the integrity and confidentiality of deleted workspace data at risk. Unauthorized restoration or permanent deletion of spaces can disrupt business processes, destroy archived information that an administrator intended to recover, or re-expose sensitive content if a deleted space is restored. Although the scored vector records no availability impact, the ability to purge spaces undermines trust in the platform's data management and audit capabilities. Organizations in sectors with strict data governance and compliance requirements (e.g., finance, healthcare, government) may face regulatory consequences if data is restored or deleted without authorization. Because the attack needs only a low-privileged account and no user interaction, any malicious insider or any compromised ordinary account is sufficient to exploit it.
Mitigation Recommendations
To mitigate this vulnerability, organizations should:
1) Review user privileges and keep administrative roles to the minimum set of trusted administrators; this limits who can legitimately use the Bin but does not close the flaw, since any low-privileged account can still reach it.
2) Restrict reachability of the Silverpeas administrative interface through network segmentation and reverse-proxy access controls, so that the admin URL space is only reachable from administrator networks or accounts.
3) Monitor web server and application logs for requests to the Bin from accounts that do not hold an administrative role, and in particular for restore or permanent-delete actions by such accounts; a successful (2xx/3xx) response to a non-admin is evidence that the control failed, not just an attempt.
4) Upgrade to a fixed version of Silverpeas as soon as one is available. Until then, enforce the missing check in front of the application: a reverse-proxy rule or WAF policy that only admits administrators to the Bin URLs. Treat this as a stopgap, because URL-based blocking is bypassed by any path the rule does not cover and the real fix is server-side authorization on every Bin action.
5) Conduct user awareness training to reduce the risk of credential compromise, since any valid low-privilege account is enough to exploit this flaw.
6) Follow Silverpeas vendor support or the project community to track patch releases and further disclosures.
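Detection logic for item 3 above, as an added example that is not a Silverpeas tool or part of the original page: it parses access-log lines, joins the authenticated user against a role table, and raises an alert whenever a non-administrator reaches the Bin, grading by whether the request was a mutating action and whether the server honoured it. The log lines and the role table are constructed, and the `/silverpeas/admin/bin` prefix and the `restore`/`purge` action names are assumptions to be replaced with the paths of the real deployment.

```python
"""Added example (not Silverpeas tooling): flag bin access by non-admin
accounts in web server access logs. Log lines, role table and the
/silverpeas/admin/bin URL layout are constructed for this example."""
import re
from typing import Dict, Iterator, List, Optional

# Combined log format with the authenticated user in the third field.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

BIN_PREFIX = "/silverpeas/admin/bin"   # hypothetical; use the real admin URL
MUTATING = {"restore", "purge"}        # hypothetical action names

SAMPLE_LOG = """\
10.0.0.5 - alice [13/Dec/2023:10:01:02 +0000] "GET /silverpeas/admin/bin HTTP/1.1" 200 5120
10.0.0.9 - bob [13/Dec/2023:10:02:11 +0000] "GET /silverpeas/home HTTP/1.1" 200 820
10.0.0.9 - bob [13/Dec/2023:10:02:40 +0000] "GET /silverpeas/admin/bin HTTP/1.1" 200 5120
10.0.0.9 - bob [13/Dec/2023:10:03:05 +0000] "POST /silverpeas/admin/bin/restore?space=WA1 HTTP/1.1" 302 0
10.0.0.9 - bob [13/Dec/2023:10:03:30 +0000] "POST /silverpeas/admin/bin/purge?space=WA2 HTTP/1.1" 403 0
10.0.0.7 - carol [13/Dec/2023:10:04:00 +0000] "GET /silverpeas/admin/bin?page=2 HTTP/1.1" 200 4100
"""

# Constructed role export; in practice take it from the platform's user admin.
ROLES: Dict[str, str] = {"alice": "admin", "bob": "user", "carol": "user"}


def parse(lines: str) -> Iterator[dict]:
    """Yield one dict per parseable log line; unparseable lines are skipped."""
    for raw in lines.splitlines():
        m = LOG_RE.match(raw)
        if m:
            ev = m.groupdict()
            ev["status"] = int(ev["status"])
            yield ev


def bin_action(path: str) -> Optional[str]:
    """Map a request path to a bin action ('list', 'restore', 'purge', ...).
    Returns None for anything outside the bin, including look-alike prefixes
    such as /silverpeas/admin/binary."""
    if not path.startswith(BIN_PREFIX):
        return None
    rest = path[len(BIN_PREFIX):]
    if rest and rest[0] not in "/?":
        return None
    rest = rest.split("?", 1)[0].strip("/")
    return rest.split("/")[0] if rest else "list"


def detect(lines: str, roles: Dict[str, str]) -> List[dict]:
    """One alert per bin request made by a user without the admin role."""
    alerts: List[dict] = []
    for ev in parse(lines):
        action = bin_action(ev["path"])
        if action is None or roles.get(ev["user"]) == "admin":
            continue
        # 2xx/3xx means the server honoured the request: the control failed.
        succeeded = ev["status"] < 400
        if not succeeded:
            severity = "low"            # blocked attempt, still worth a look
        elif action in MUTATING:
            severity = "high"           # a space was restored or destroyed
        else:
            severity = "medium"         # deleted spaces were disclosed
        alerts.append({
            "ts": ev["ts"], "ip": ev["ip"], "user": ev["user"],
            "action": action, "severity": severity,
            "outcome": "succeeded" if succeeded else "blocked",
        })
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG, ROLES):
        print(f'{a["ts"]} {a["severity"]:6} {a["user"]}@{a["ip"]} {a["action"]} {a["outcome"]}')
```

Run against the sample, the administrator's own visit is ignored, bob's listing and restore are flagged as medium and high, his purge that the proxy rejected with a 403 is recorded as a low-severity blocked attempt, and carol's paginated listing is caught even though the query string differs. The same rule is what you would feed a SIEM; the role join is the part that is easy to forget, because without it every legitimate administrator visit becomes noise.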
Affected Countries
France, Germany, United Kingdom, Netherlands, Belgium, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2023-11-06T00:00:00.000Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682f6ee00acd01a249264721
Added to database: 5/22/2025, 6:37:20 PM
Last enriched: 7/8/2025, 7:43:03 AM
Last updated: 7/8/2025, 7:43:03 AM