CVE-2023-47325: 
Java vulnerability analysis and mitigation

Silverpeas Core 6.3.1 contains a broken access control vulnerability in its administrative 'Bin' feature. The vulnerability, identified as CVE-2023-47325, was disclosed on December 13, 2023. This security flaw affects the core functionality of Silverpeas, specifically impacting versions up to (but not including) 6.3.2 (NVD, Rhino Labs).

The vulnerability has been assigned a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N. The issue stems from improper access control implementation in the administrative 'Bin' feature, which allows users with low privileges to directly access and interact with the bin functionality through the URL path '/RjobStartPagePeas/jsp/ViewBin' (NVD).

When exploited, this vulnerability allows low-privileged users to view all deleted spaces within the system. Additionally, these unauthorized users can perform administrative actions such as restoring or permanently deleting these spaces, potentially leading to unauthorized data access and modification (Rhino Labs).

The vulnerability has been fixed in Silverpeas Core version 6.3.2. Organizations using affected versions should upgrade to version 6.3.2 or later to address this security issue (NVD).