History: Oct 03, 2023 - 8:10 a.m.

CVE-2023-3654 Origin Check Bypass

2023-10-03 08:10:48
CWE-346
CyberDanube
www.cve.org
cve-2023-3654
origin check bypass
cashit
pos dienstleistung entwicklung vertrieb gmbh
http request vulnerability
network exposed endpoint vulnerability

CVSS3: 9.4
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

AI Score: 9.6
Confidence: High

EPSS: 0.001
Percentile: 41.3%

cashIT! - serving solutions. Devices from “PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH” up to and including 03.A06rks 2023.02.37 are affected by an origin bypass via the host header in an HTTP request. This vulnerability can be triggered by an HTTP endpoint exposed to the network.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "cashIT! - serving solutions.",
    "vendor": "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH",
    "versions": [
      {
        "lessThanOrEqual": "03.A06rks 2023.02.37",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]
