CVE-2023-53955
Published: Dec 22, 2025
Modified: Dec 22, 2025
CVSS v3.1
9.8
Description
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access hidden system resources. Attackers can exploit the vulnerability by manipulating user-supplied input to execute privileged functionalities without proper authentication.
| Vendor | Product | Versions |
|---|---|---|
SOUND4 Ltd. | Impact/Pulse/First | affected Version 2: 1.1/2.15 |
SOUND4 Ltd. | Impact/Pulse Eco | affected 1.16 |
SOUND4 Ltd. | BigVoice4 | affected 1.2 |
SOUND4 Ltd. | BigVoice2 | affected 1.30 |
SOUND4 Ltd. | Stream | affected 1.1/2.4.29 |
Kantar Media | WM2 | affected 1.11 |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now