CVE-2023-47323: 
Java vulnerability analysis and mitigation

CVE-2023-47323 affects the notification/messaging feature of Silverpeas Core 6.3.1. The vulnerability was discovered and disclosed in December 2023, impacting the core messaging functionality of the Silverpeas collaborative platform. The affected software fails to enforce proper access control on the ID parameter in the messaging system (NVD, Rhino Labs).

The vulnerability exists in the notification/messaging feature's handling of the ID parameter, specifically in the message reading functionality. The issue can be exploited through the URL path '/RSILVERMAIL/jsp/ReadMessage.jsp?ID=[messageID]'. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating network accessibility, low attack complexity, and no required privileges or user interaction (NVD).

The vulnerability allows an attacker to read all messages sent between users in the system, including messages that were intended only for administrators. This represents a significant breach of confidentiality as sensitive communications can be exposed to unauthorized users (NVD, Rhino Labs).

The vulnerability has been fixed in Silverpeas Core version 6.3.2. Organizations using affected versions (6.3.1 and earlier) should upgrade to version 6.3.2 or later to mitigate this security issue (Silverpeas, Rhino Labs).