Lucene search

INCDCVELIST:CVE-2023-39375

HistorySep 26, 2023 - 9:15 a.m.

CVE-2023-39375 SiberianCMS - CWE-274: Improper Handling of Insufficient Privileges

2023-09-2609:15:01

CWE-274

INCD

www.cve.org

siberiancms

cwe-274

improper handling

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

9.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.1%

JSON

SiberianCMS - CWE-274: Improper Handling of Insufficient Privileges

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SiberianCMS",
    "vendor": "SiberianCMS",
    "versions": [
      {
        "lessThanOrEqual": "upgrade to version 4.20.44 or 5.0.4",
        "status": "affected",
        "version": "versions 4.*, 5.*",
        "versionType": "custom"
      }
    ]
  }
]

References

www.gov.il/en/Departments/faq/cve_advisories

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

9.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.1%

JSON

Related for CVELIST:CVE-2023-39375