Lucene search

TR-CERTCVE-2023-6522

HistoryApr 05, 2024 - 12:15 p.m.

CVE-2023-6522

2024-04-0512:15:36

CWE-648

TR-CERT

web.nvd.nist.gov

extremepacs

extreme xds

privilege management

vulnerability

collect data

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

17.0%

JSON

Incorrect Use of Privileged APIs vulnerability in ExtremePacs Extreme XDS allows Collect Data as Provided by Users.This issue affects Extreme XDS: before 3914.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Extreme XDS",
    "vendor": "ExtremePacs",
    "versions": [
      {
        "lessThan": "3914",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.usom.gov.tr/bildirim/tr-24-0276

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

17.0%

JSON

Related for CVE-2023-6522