CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
18.1%
Special Interest Group Network for Analysis and Liaison’s “Inter-SOC Cooperation API” provided by Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) contains multiple vulnerabilities listed below.
Improper Authorization in Information Provision function (CWE-285) - CVE-2023-38751
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N | Base Score: 3.5 |
CVSS v2 | AV:N/AC:L/Au:S/C:P/I:N/A:N | Base Score: 4.0 |
Improper Authorization in Information Provision and Group Message functions (CWE-285) - CVE-2023-38752
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N | Base Score: 3.5 |
CVSS v2 | AV:N/AC:L/Au:S/C:P/I:N/A:N | Base Score: 4.0 |
Apply the Patch
Apply the patch according to the information provided by the developer.
For more information, contact the developer.
Apply the workaround
If the patch cannot be applied, applying the following workaround may mitigate the impacts of these vulnerabilities.