Lucene search

JpcertCVE-2023-38752

HistoryAug 09, 2023 - 4:15 a.m.

CVE-2023-38752

2023-08-0904:15:10

jpcert

web.nvd.nist.gov

2463

cve-2023-38752

improper authorization

vulnerability

sig network

information disclosure

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.5

Confidence

High

EPSS

0.001

Percentile

18.1%

JSON

Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the attribute information of the poster that is set as"non-disclosure" in the system settings.

Affected configurations

Nvd

Vulners

Node

jpcertspecial_interest_group_network_for_analysis_and_liaisonRange4.4.0–4.7.7

VendorProductVersionCPE
jpcertspecial_interest_group_network_for_analysis_and_liaison*cpe:2.3:a:jpcert:special_interest_group_network_for_analysis_and_liaison:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
jpcert	special_interest_group_network_for_analysis_and_liaison	*	cpe:2.3:a:jpcert:special_interest_group_network_for_analysis_and_liaison::::::::

CNA Affected

[
  {
    "vendor": "Japan Computer Emergency Response Team Coordination Center (JPCERT/CC)",
    "product": "Special Interest Group Network for Analysis and Liaison ",
    "versions": [
      {
        "version": "versions 4.4.0 to 4.7.7 ",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN83334799/

www.jpcert.or.jp/press/2023/PR20230807_notice.html

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.5

Confidence

High

EPSS

0.001

Percentile

18.1%

JSON

Related for CVE-2023-38752