Lucene search

[email protected]NVD:CVE-2023-1663

HistoryMar 29, 2023 - 2:15 p.m.

CVE-2023-1663

2023-03-2914:15:07

CWE-425

[email protected]

web.nvd.nist.gov

coverity

forced browsing

authenticated resources

servlet mapping

apache tomcat

vulnerabilities

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

29.8%

JSON

Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. The root cause of this vulnerability is an insecurely configured servlet mapping for the underlying Apache Tomcat server. As a result, the downloads directory and its contents are accessible. 5.9 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C)

Affected configurations

NVD

Node

synopsyscoverityRange<2023.3.2

References

community.synopsys.com/s/article/Mitigation-for-Coverity-Platforms-Exposure-to-CVE-2023-1663

community.synopsys.com/s/article/SIG-Product-Security-Advisory-CVE-2023-1663-Affecting-Coverity-Platform

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

29.8%

JSON

Related for NVD:CVE-2023-1663

cvelist1 cve1 prion1