Lucene search

[email protected]CVE-2023-23347

HistoryAug 09, 2023 - 8:15 p.m.

CVE-2023-23347

2023-08-0920:15:09

CWE-327

[email protected]

web.nvd.nist.gov

hcl dryice iautomate

cve-2023-23347

broken cryptographic algorithm

confidentiality compromise

integrity compromise

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

HCL DRYiCE iAutomate is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information.

Affected configurations

NVD

Node

hcltechdryice_iautomateMatch6.0

hcltechdryice_iautomateMatch6.1

hcltechdryice_iautomateMatch6.2

CPENameOperatorVersion
hcltech:dryice_iautomatehcltech dryice iautomateeq6.0
hcltech:dryice_iautomatehcltech dryice iautomateeq6.1
hcltech:dryice_iautomatehcltech dryice iautomateeq6.2

CPE	Name	Operator	Version
hcltech:dryice_iautomate	hcltech dryice iautomate	eq	6.0
hcltech:dryice_iautomate	hcltech dryice iautomate	eq	6.1
hcltech:dryice_iautomate	hcltech dryice iautomate	eq	6.2

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "HCL DRYiCE iAutomate",
    "vendor": "HCL Software",
    "versions": [
      {
        "status": "affected",
        "version": "6..0, 6.1, 6.2"
      }
    ]
  }
]

References

support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106674

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2023-23347

prion1 nvd1 cvelist1