Lucene search
Palo_altoCVELIST:CVE-2023-3289HistoryJul 09, 2024 - 10:24 a.m.
CVE-2023-3289 A BOLA vulnerability in POST /services in EasyAppointments < 1.5.0
2024-07-0910:24:13
CWE-639
palo_alto
www.cve.org
5
bola vulnerability
easyappointments
unauthorized data manipulation
CVSS3
7.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
EPSS
0.001
Percentile
16.8%
A BOLA vulnerability in POST /services allows a low privileged user to create a service for any user in the system (including admin). This results in unauthorized data manipulation.
CNA Affected
[
{
"collectionURL": "https://github.com/alextselegidis/easyappointments",
"defaultStatus": "unaffected",
"packageName": "alextselegidis/easyappointments",
"product": "easyappointments",
"versions": [
{
"lessThan": "1.5.0",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
]Related
veracode
veracode
Authorization Bypass
2024-07-12 04:22:57
vulnrichment
vulnrichment
osv
osv
CVE-2023-3289
2024-07-09 11:15:12
nvd
nvd
CVE-2023-3289
2024-07-09 11:15:12
cve
cve
CVE-2023-3289
2024-07-09 11:15:12
paloalto
paloalto
PAN-OS: OS Command Injection Vulnerability in the Web Interface
2023-12-13 17:00:00
CVSS3
7.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
EPSS
0.001
Percentile
16.8%
Related for CVELIST:CVE-2023-3289