Lucene search

Palo_altoCVE-2023-3290

HistoryJul 09, 2024 - 11:15 a.m.

CVE-2023-3290

2024-07-0911:15:12

CWE-639

palo_alto

web.nvd.nist.gov

bola vulnerability

low privileged user

unauthorized data manipulation

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

AI Score

4.9

Confidence

High

EPSS

Percentile

14.7%

JSON

A BOLA vulnerability in POST /customers allows a low privileged user to create a low privileged user (customer) in the system. This results in unauthorized data manipulation.

Affected configurations

Nvd

Node

easyappointmentseasyappointmentsRange<1.5.0

VendorProductVersionCPE
easyappointmentseasyappointments*cpe:2.3:a:easyappointments:easyappointments:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
easyappointments	easyappointments	*	cpe:2.3:a:easyappointments:easyappointments::::::::

CNA Affected

[
  {
    "collectionURL": "https://github.com/alextselegidis/easyappointments",
    "defaultStatus": "unaffected",
    "packageName": "alextselegidis/easyappointments",
    "product": "easyappointments",
    "versions": [
      {
        "lessThan": "1.5.0",
        "status": "affected",
        "version": "*",
        "versionType": "git"
      }
    ]
  }
]

References

github.com/alextselegidis/easyappointments

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

AI Score

4.9

Confidence

High

EPSS

Percentile

14.7%

JSON

Related for CVE-2023-3290