CVE-2023-7240 – Broken Access Control leading to SSRF in NetIQ Identity Console

https://notcve.org/view.php?id=CVE-2023-7240

An improper authorization level has been detected in the login panel. It may lead to unauthenticated Server Side Request Forgery and allows to perform open services enumeration. Server makes query to provided server (Server IP/DNS field) and is triggering connection to arbitrary address. Se ha detectado un nivel de autorización inadecuado en el panel de inicio de sesión. Puede provocar Server Side Request Forgery no autenticadas y permite realizar una enumeración de servicios abiertos. • https://www.netiq.com/documentation/identity-console/identity_console1720000_releasenotes/data/identity_console1720000_releasenotes.html • CWE-20: Improper Input Validation •