Lucene search

[email protected]CVE-2023-23909

HistoryMay 10, 2023 - 2:15 p.m.

CVE-2023-23909

2023-05-1014:15:30

CWE-125

[email protected]

web.nvd.nist.gov

cve-2023-23909

intel

trace analyzer

collector

information disclosure

nvd

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Out-of-bounds read for some Intel® Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially enable information disclosure via local access.

Affected configurations

NVD

Node

inteloneapi_hpc_toolkitRange<2023.0.0

inteltrace_analyzer_and_collectorRange<2021.8.0

CPENameOperatorVersion
intel:oneapi_hpc_toolkitintel oneapi hpc toolkitlt2023.0.0
intel:trace_analyzer_and_collectorintel trace analyzer and collectorlt2021.8.0

CPE	Name	Operator	Version
intel:oneapi_hpc_toolkit	intel oneapi hpc toolkit	lt	2023.0.0
intel:trace_analyzer_and_collector	intel trace analyzer and collector	lt	2021.8.0

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Intel(R) Trace Analyzer and Collector software",
    "versions": [
      {
        "version": "before version 2021.8.0 published Dec 2022",
        "status": "affected"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00805.html

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2023-23909

prion1 nvd1 cvelist1 intel1