Lucene search

[email protected]CVE-2023-6098

HistoryNov 13, 2023 - 1:15 p.m.

CVE-2023-6098

2023-11-1313:15:08

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-6098

xss

ics business manager

remote attacker

authenticated user's session

6.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

5.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.3%

JSON

An XSS vulnerability has been discovered in ICS Business Manager affecting version 7.06.0028.7066. A remote attacker could send a specially crafted string exploiting the obdd_act parameter, allowing the attacker to steal an authenticated user’s session, and perform actions within the application.

Affected configurations

Vulners

NVD

Node

icssolutionics_business_managerRange≤7.06.0028.7066

icssolutionics_business_managerRange≤7.06.0028.2802

VendorProductVersionCPE
icssolutionics_business_manager*cpe:2.3:a:icssolution:ics_business_manager:*:*:*:*:*:*:*:*
icssolutionics_business_manager*cpe:2.3:a:icssolution:ics_business_manager:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
icssolution	ics_business_manager	*	cpe:2.3:a:icssolution:ics_business_manager::::::::
icssolution	ics_business_manager	*	cpe:2.3:a:icssolution:ics_business_manager::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ICS Business Manager",
    "vendor": "ICSSolution",
    "versions": [
      {
        "status": "affected",
        "version": "7.06.0028.7066"
      },
      {
        "status": "affected",
        "version": "7.06.0028.2802"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-icssolution-ics-business-manager