CVE-2023-7240
Broken Access Control leading to SSRF in NetIQ Identity Console
Severity Score
5.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
An improper authorization level has been detected in the login panel. It may lead to
unauthenticated Server Side Request Forgery and allows to perform open services
enumeration. Server makes query to provided server (Server IP/DNS field) and is
triggering connection to arbitrary address.
Se ha detectado un nivel de autorización inadecuado en el panel de inicio de sesión. Puede provocar Server Side Request Forgery no autenticadas y permite realizar una enumeración de servicios abiertos. El servidor realiza una consulta al servidor proporcionado (campo IP/DNS del servidor) y activa la conexión a una dirección arbitraria.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-01-23 CVE Reserved
- 2024-05-07 CVE Published
- 2024-05-08 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
- CAPEC-114: Authentication Abuse
References (1)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| OpenText Search vendor "OpenText" | NetIQ Identity Console Search vendor "OpenText" for product "NetIQ Identity Console" | >= 1.0.0 <= 1.7.1 Search vendor "OpenText" for product "NetIQ Identity Console" and version " >= 1.0.0 <= 1.7.1" | en |
Affected
| ||||||