Lucene search

INCDCVE-2023-42486

HistorySep 27, 2023 - 3:19 p.m.

CVE-2023-42486

2023-09-2715:19:32

CWE-428

INCD

web.nvd.nist.gov

fortect

cve-2023-42486

nvd

cwe-428

unquoted search path or element

privilege escalation

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

High

EPSS

Percentile

5.1%

JSON

Fortect - CWE-428: Unquoted Search Path or Element, may be used by local user to elevate privileges.

Affected configurations

Nvd

Node

fortectfortectRange≤5.0.0.7

VendorProductVersionCPE
fortectfortect*cpe:2.3:a:fortect:fortect:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fortect	fortect	*	cpe:2.3:a:fortect:fortect::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Fortect ",
    "vendor": "Fortect",
    "versions": [
      {
        "lessThanOrEqual": "Upgrade to version 6.0.0.1",
        "status": "affected",
        "version": "version 5.0.0.7",
        "versionType": "custom"
      }
    ]
  }
]

References

www.gov.il/en/Departments/faq/cve_advisories

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2023-42486