Lucene search

SymantecCVE-2023-23951

HistoryJan 26, 2023 - 9:18 p.m.

CVE-2023-23951

2023-01-2621:18:15

CWE-79

symantec

web.nvd.nist.gov

cve-2023-23951

oracle

ldap

attributes

enumeration

query modification

nvd

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

32.0%

JSON

Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application

Affected configurations

Nvd

Node

broadcomsymantec_identity_governance_and_administrationMatch14.3

broadcomsymantec_identity_governance_and_administrationMatch14.4.1

broadcomsymantec_identity_governance_and_administrationMatch14.4.2

broadcomsymantec_identity_managerMatch14.3

broadcomsymantec_identity_managerMatch14.4

VendorProductVersionCPE
broadcomsymantec_identity_governance_and_administration14.3cpe:2.3:a:broadcom:symantec_identity_governance_and_administration:14.3:*:*:*:*:*:*:*
broadcomsymantec_identity_governance_and_administration14.4.1cpe:2.3:a:broadcom:symantec_identity_governance_and_administration:14.4.1:*:*:*:*:*:*:*
broadcomsymantec_identity_governance_and_administration14.4.2cpe:2.3:a:broadcom:symantec_identity_governance_and_administration:14.4.2:*:*:*:*:*:*:*
broadcomsymantec_identity_manager14.3cpe:2.3:a:broadcom:symantec_identity_manager:14.3:*:*:*:*:*:*:*
broadcomsymantec_identity_manager14.4cpe:2.3:a:broadcom:symantec_identity_manager:14.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
broadcom	symantec_identity_governance_and_administration	14.3	cpe:2.3:a:broadcom:symantec_identity_governance_and_administration:14.3:::::::*
broadcom	symantec_identity_governance_and_administration	14.4.1	cpe:2.3:a:broadcom:symantec_identity_governance_and_administration:14.4.1:::::::*
broadcom	symantec_identity_governance_and_administration	14.4.2	cpe:2.3:a:broadcom:symantec_identity_governance_and_administration:14.4.2:::::::*
broadcom	symantec_identity_manager	14.3	cpe:2.3:a:broadcom:symantec_identity_manager:14.3:::::::*
broadcom	symantec_identity_manager	14.4	cpe:2.3:a:broadcom:symantec_identity_manager:14.4:::::::*

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Symantec Identity Management And Governance",
    "versions": [
      {
        "version": "14.3, 14.4.1, 14.4.2",
        "status": "affected"
      }
    ]
  }
]

References

support.broadcom.com/external/content/SecurityAdvisories/0/21174

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

32.0%

JSON

Related for CVE-2023-23951